You may have heard over the weekend about a new and very serious piece of malware called WannaCry Decryptor. Security experts are calling it one of the worst malware outbreaks they have ever seen. On Friday, May 12th, organizations in countries outside of the US, including healthcare facilities such as the National Health Service in the UK, were hit hard. The malware was enough to shut down operations. Here's what you need to know as a nonprofit leader.
WannaCry is initially distributed through a phishing scam (note that phishing is an email-based scam that only works if someone in the organization clicks the malicious link). The software is a form of ransomware, which encrypts files on the infected computer and on other computers that are part of the same network. The attackers then demand a ransom in bitcoin in return for the key to decrypt the files.
The attack appears to have exploited a Windows vulnerability for which Microsoft released a patch in March. The flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
The bad news: once one computer is infected with WannaCry because a user clicked a malicious link, every other unpatched computer on the same network is exposed to the malware. This means you could be in your office, a coffee shop, or anywhere with a shared network, get the virus, and unknowingly infect other computers connected to the same network as you.
The good news: over the weekend a UK-based researcher halted the spread by uncovering and deploying a kill switch. Microsoft has also released a patch for unsupported operating systems such as Windows XP and Server 2003, giving organizations the option to patch rather than attempt to upgrade to newer systems in order to prevent the spread.
What you should do – tell your users about phishing, make sure that before they open an email they:
- Know the sender
- Check that it makes sense that they received that email
- Can verify any attachments or links are safe
- Check that the email doesn’t threaten to close accounts or cancel cards if they don’t provide information
- Make sure the email is from a trusted source – and that it doesn’t just LOOK like it is from a trusted source
- Ensure nothing seems “off” about the email
Your users are your first line of defense. Make sure they know what to do if they receive a suspicious email or link. Applying the Windows update will stop the malware from spreading within your network, but it is very likely that new versions of the malware will be released that circumvent the researcher's kill switch, so user awareness still matters.
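For the IT person who has to confirm that the Windows update above is actually in place, here is an added example (it is not from the original post and not a Microsoft tool) of a read-only PowerShell check. It reports whether an MS17-010 update is recorded on the machine and whether the legacy SMBv1 protocol that the vulnerability lives in is still switched on. It assumes Windows 8 / Server 2012 or newer (Get-SmbServerConfiguration does not exist on XP or Server 2003), an elevated prompt, and that you fill in the KB article number(s) for your Windows version from Microsoft's MS17-010 bulletin where the placeholder is; the function names are my own.

```powershell
# Added example, not part of the original post. Read-only check that a
# Windows 8 / Server 2012 or newer machine has the MS17-010 update and has
# SMBv1 turned off. Run from an elevated PowerShell prompt.

# Placeholder (assumption): replace with the KB number(s) that the MS17-010
# bulletin lists for this machine's Windows version, e.g. 'KB1234567'.
$Ms17010Kbs = @('KB<number-from-MS17-010-bulletin>')

function Test-Ms17010Installed {
    # Returns $true if any of the given KB ids appears in the installed hotfix list.
    # Get-HotFix only sees updates recorded as hotfixes, so a $false result
    # means "not found here", and is worth confirming in Windows Update history.
    param([string[]]$KbIds)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Test-Smb1Enabled {
    # EnableSMB1Protocol is $true when the legacy protocol is still accepting connections.
    return (Get-SmbServerConfiguration).EnableSMB1Protocol
}

$patched = Test-Ms17010Installed -KbIds $Ms17010Kbs
$smb1On  = Test-Smb1Enabled

Write-Host ("{0}: MS17-010 installed = {1}, SMBv1 enabled = {2}" -f $env:COMPUTERNAME, $patched, $smb1On)

if (-not $patched) {
    Write-Warning "MS17-010 update not found. Install it from Windows Update before this machine joins a shared network again."
}
if ($smb1On) {
    # Turning SMBv1 off removes the exposed service entirely; the command is
    # shown here rather than run so the check stays read-only.
    Write-Warning "SMBv1 is enabled. To disable it, run: Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force"
}
```

Running this on each workstation (or pushing it through whatever remote management you already use) gives a quick inventory of which machines still need attention, and the SMBv1 line is useful even after patching, since nothing on your network should still depend on that protocol.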
In addition to training your users and patching your devices, you should back up regularly and keep a recent backup copy off-site (in the cloud!).
Need some help equipping your organization with best in class IT security? Check out our resource library which includes an IT Security Guide & Checklist for nonprofit organizations.