August 30, 2020

How To Protect Yourself And What To Do If You Have Been Attacked

Bones Ijeoma

CEO and co-founder

Are you ready to take action when confronted with a cyber attack? Learn how to protect yourself and what steps you need to take when faced with a cyber attack.

What do the following companies and organizations have in common?

National Health Services in England

Telefonica in Spain

FedEx

Bank of China

Renault

Nissan in England

They have ALL been hit by the WannaCry ransomware attack and the ONLY resort their IT teams have had is to tell people to shut off their computers and wait until the data is restored and the ransomware can be eradicated. In many cases, the affected systems have had to be wiped and completely reloaded. So far, it has affected over 200,000 victims in 150 countries and has left many wondering if they are at risk.

WHAT IS WANNACRY?
Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation but immediately everyone else's computer too.
WHAT TO DO RIGHT NOW!
IF YOU ARE NOT AN ALLSAFE IT CLIENT
If you're not one of our clients, here's what you can do to protect yourself:

Run Windows update

Make sure your anti-virus product is up to date

Back up your data and confirm/test your backups

We don’t want you to become a victim of this! Call us if you have any questions or concerns or drop us a line via the form here. AllSafe IT are here to help!

UPDATES
UPDATE [Monday May 15, 6:54 AM EST]
This attack has hit the press internationally. China states more than a million machines were affected. Pundits are now pointing at Microsoft's code, and Microsoft in turn points at the NSA for letting this out of the bottle. Of course, Snowden blames the NSA as well. And then there is victim-blaming, because auto-updates, which would have fixed this 2 months ago, were turned off. Enough blame to go around for everyone. Ultimately this is a shared responsibility, but IT people are carrying the heavy load here and often do not get enough budget to get the job done right.

Predictions are that the infection is going to get worse, because machines that aren't patched will now be turned on, like MRI machines in hospitals and other medical devices that still run XP and have not been patched.
UPDATE [Sunday May 14, 2017, 2:25 PM EST]
Round Two: WanaCry is back. As expected, that was only a temporary fix. Over Friday and Saturday, samples of the malware emerged without the kill switch, meaning that attackers have resumed their campaign even though the security researcher MalwareTech accidentally cut off the original wave.

"I can confirm we've had versions without the kill switch domain connect since yesterday," said Costin Raiu, director of global research and analysis team at Kaspersky Labs. However, there seems to be some controversy over whether the new version uses the NSA worm or not. I say better be safe than sorry because there will be copycats.
UPDATE [Saturday May 13, 2017, 3:57 PM EST]
It looks like the spread of the Wana Decrypt0r ransomware has been temporarily halted after security researcher MalwareTech registered a hardcoded domain included in the ransomware's source code, which was functioning as a kill switch. Cisco Talos has confirmed the information.

“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” MalwareTech tweeted late on Friday. “So I can only add ‘accidentally stopped an international cyber attack’ to my résumé.”

Note that this kill switch would not prevent any unpatched PC from getting infected in the following scenarios:

If the users get WannaCry via an email and open the zip file (instead of being automatically infected via SMB).

If by chance your ISP or antivirus or firewall blocks access to the sinkhole domain.

If the targeted system requires a proxy to access the Internet (a common practice in corporate networks).

If someone makes the sinkhole domain inaccessible for all, such as by using a large-scale DDoS attack.

However, this is just a temporary deterrent. For the bad guys, it's just one line of code to fix this and the infection process starts again. You can hope that your endpoint protection blocks it, but do not count on that. The way to prevent this infection is the 8 steps above, and of course, it helps to have your users trained within an inch of their lives to spot phishing red flags.
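
Three of the scenarios above come down to one question a defender can test: can this host reach the sinkhole domain directly, without a proxy? The following check is an added example, not part of the original article; the domain is a placeholder (the article does not give it), and the use of a plain TCP connection to port 80 is an assumption about how the kill switch is contacted.

```python
import socket

# Placeholder: the page does not give the kill-switch domain. Use the value
# published by your own threat-intelligence source.
SINKHOLE_DOMAIN = "killswitch-domain.example"


def check_killswitch_reachable(domain, resolve=socket.gethostbyname,
                               connect=socket.create_connection,
                               port=80, timeout=5.0):
    """Test a direct (proxy-less) connection from this host to the sinkhole.

    Returns (reachable, reason). Port 80 is an assumption. resolve/connect
    are injectable so the logic can be exercised offline with constructed
    responses.
    """
    try:
        addr = resolve(domain)  # fails if a DNS filter or ISP blocks the name
    except OSError as exc:
        return False, f"dns-failed: {exc}"
    try:
        conn = connect((addr, port), timeout)  # fails if a firewall drops it
    except OSError as exc:
        return False, f"connect-failed: {exc}"
    conn.close()
    return True, f"direct: reached {addr}:{port}"


def unprotected_hosts(results):
    """Given {hostname: (reachable, reason)}, list hosts the kill switch
    does not cover, i.e. those that must rely on patching alone."""
    return sorted(h for h, (ok, _) in results.items() if not ok)


if __name__ == "__main__":
    ok, reason = check_killswitch_reachable(SINKHOLE_DOMAIN)
    print(f"{SINKHOLE_DOMAIN}: {'reachable' if ok else 'NOT reachable'} ({reason})")
```

A host that reports "NOT reachable" gets no benefit from the kill switch, and samples without the kill switch ignore it entirely, so the result only tells you where patching is most urgent.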