On Friday, 12 May 2017, a large international cyber-attack began the spread of the WannaCrypt0r 2.0 file-encryption ransomware (aka WannaCry). Systems which are behind on Windows updates, or running older unsupported operating systems (Windows XP and Server 2003, for example), are particularly vulnerable. Over 230,000 machines in 150 countries were initially affected. Steps have been taken by the international security to stem the tide of the initial outbreak, but variants are sure to appear in the coming days and weeks. Affected machines will display a screen similar to the image shown, though sometimes not until a reboot.
Machines are being infected by phishing emails with a link or attachment. As always, we would like to stress the importance of not opening email attachments or clicking links in unverified emails, even from senders with whom you are familiar. If you were not expecting to receive a particular link or attachment, DO NOT OPEN IT. Contact the sender prior to opening the message, or simply delete it.
Southwest Cyber Systems customers typically have at least one, if not several, layers of defense in the form of antivirus software, web filters, and Meraki next-generation firewalls. That being said, your vigilance is always required to safeguard your company’s information and continuity of business.
It is our recommendation that affected companies NOT to pay the ransom, but to attempt recovery of the files from backup. If you think you have been affected by this issue, or would like to talk to us about preventative measures, please contact your Southwest Cyber representative or our main number for assistance. You can find more specific info on the attack at this link.