Urgent: On-going International computer virus WannaCry: What to know, what to do.
International computer virus ‘WannaCry’ causing havoc.
Over the weekend news broke about a global cyber security emergency that has impacted hundreds of thousands of computers around the world. It has caused serious disruption in health care, emergency services and business generally.
There is a high risk that as people arrive at work in Australia today, we will see the spread of incidents here.
But there are things you and your business can do immediately to protect yourself.
What is going on?
A piece of malicious code called ransomware has infected computers by taking advantage of a flaw in some versions of Microsoft networking software. This malware enters hidden in emails that carry infected code (known as phishing) and then spreads from one computer to another.
Once in place, the malware locks access to the computers and the files in the network. It demands users pay a ransom before the computers will be unlocked. If they do not, the users’ data will be permanently destroyed.
You might have read that the spread of the malware was initially contained when a clever IT worker in the UK created a “kill switch”. He did this by registering a domain name that infected computers communicated with before beginning to spread. This stopped the virus acting.
However, this does not mean the crisis is over.
The fix does not protect all computers in all situations, depending on how your network is configured, and the malware is reportedly “evolving” to get around the immediate fix.
What can you do?
First, make sure you have patched all your servers and workstations so that they are using the latest version of software. Once the malware has entered through an infected email, it spreads from computer to computer through Microsoft networking software.
Microsoft has released patches to close the vulnerability in various versions of its server software and Windows operating system, guidance on who is affected, and advice on immediate action you can take, which can be found here. Some organisations install patches on a longer cycle – say, bimonthly – and might have missed patches released over the weekend.
Your second line of defence is to try to prevent the malware getting into your system in the first place.
The malware enters through an infected email. Emails carrying the infection can be stopped at your Internet Gateway (for those who use a Gateway) by ensuring your email filtering and firewall software are up to date with all the latest signatures.
Thirdly, users should be extra vigilant about opening suspicious emails, especially when they log on for the first time after the weekend.
Finally, ensure that you have effective and up-to-date backups. That way, if all else fails, you can recover your lost data.
Who can you call?
If you have been impacted by this malware, you should report it to the National Computer Emergency Response Team (CERT Australia).
+61 2 6141 2999
Hotline: 1300 172 499
or the Australian Cyber Security Centre
1300 292 371