RansomWare and What You Should Do Now!

05/15/2017 | by SandStorm IT

RansomWare
Several of SandStorm IT’s customers have asked what can be done about the current rash of ransomware virus infections, specifically WannaCrypt, commonly called the Wanna Cry virus.

 

What is “Wanna Cry”?

WannaCrypt or “Wanna Cry” is a ransomware virus designed to make your data inaccessible and to then extort money, funds, or some form of payment from you to get access back to your data. Once WannaCrypt gets onto your computer, it encrypts all of your data and then shows a message telling you to send a bitcoin payment to get the data decrypted.

I’ve got it, so now what?

You may feel you have no choice but to trust the extortionists and pay the ransom, but you may have other options. If you have a good backup of the affected files, you can restore them. If the infection occurred after the latest backup, that should get your data back. Before restoring, though, you’ll want to eradicate the existing virus from your system. You can run any of several virus cleaners to find and remove any known viruses on your computer. If that doesn’t find and remove the WannaCrypt virus, you may need to reformat and re-install your operating system.
If you need any assistance with this, give SandStorm IT a call and we can dispatch one of our highly trained IT Techs to work with you on this.

 

How can I keep from getting infected?

Prevention is always the best solution.  We recommend a tiered approach: gateway protection, end point protection, and backups.

 

Gateway Protection

A strong firewall is essential to help protect the “gateway”, or perimeter, of your network. SandStorm IT recommends acquiring and implementing a SonicWALL firewall.  While the SonicWALL’s Gateway Antivirus, Intrusion Prevention, and Anti-Spyware go a long way in protecting your network, nothing can prevent all viruses 100% of the time.

 

End Point Protection

Protecting the end points with a modern updated antivirus engine with the latest definitions is very important.  SandStorm IT recommends Symantec Endpoint Protection (SEP).

 

Another layer of protection could be achieved by installing Malwarebytes professional on every workstation to run alongside Symantec Endpoint Protection. To do so without a slowdown, the workstations will need at least 8GB of RAM.

 

Most of the ransomware infections SandStorm IT has seen are isolated to single workstations; however, the virus can encrypt files on shared folders that the workstation has access to without actually infecting the server. An infected workstation can easily encrypt files on shared folders, making them inaccessible and forcing a recovery from a backup.

 

Making sure all Microsoft and third-party applications are patched and up to date is also important. Adobe Reader, Flash, and Java are all common programs that are targeted.

 

Backups

Backing up data really is the best thing you can do to protect yourself. Make sure all critical data is backed up and that the retention policy is long enough to be able to identify an infection and recover before the backups are overwritten with virus/encrypted files.
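To make the retention point concrete, here is an added example (not SandStorm IT's code or any backup product's own logic) that scans a series of backup manifests for the first night on which most files changed at once, then checks whether the last clean backup would still exist on the day the infection is noticed. The manifest format, the sample dates and hashes, and the 50% change threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample: nightly backup manifests (path -> content hash), oldest first.
# Hash values are short placeholders, not real digests.
CLEAN = {"docs/a.docx": "h1", "docs/b.xlsx": "h2", "docs/c.pdf": "h3", "docs/d.txt": "h4"}
SNAPSHOTS = [
    (date(2017, 5, 8), dict(CLEAN)),
    (date(2017, 5, 9), {**CLEAN, "docs/d.txt": "h4b"}),              # one normal edit
    (date(2017, 5, 10), {p: "enc-" + h for p, h in CLEAN.items()}),  # every file rewritten
    (date(2017, 5, 11), {p: "enc-" + h for p, h in CLEAN.items()}),
]

def changed_fraction(prev, curr):
    """Share of the previous snapshot's files that are missing or altered in the next one."""
    if not prev:
        return 0.0
    changed = sum(1 for path, digest in prev.items() if curr.get(path) != digest)
    return changed / len(prev)

def last_clean_snapshot(snapshots, threshold=0.5):
    """Date of the snapshot just before the first mass change; the newest snapshot's
    date if no mass change is seen; None if there are no snapshots (heuristic)."""
    if not snapshots:
        return None
    for (prev_date, prev), (_, curr) in zip(snapshots, snapshots[1:]):
        if changed_fraction(prev, curr) >= threshold:
            return prev_date
    return snapshots[-1][0]

def retention_covers(snapshots, detected_on, retention_days, threshold=0.5):
    """True if the last clean snapshot has not yet aged out when the infection is noticed."""
    clean = last_clean_snapshot(snapshots, threshold)
    if clean is None:
        return False
    return (detected_on - clean).days <= retention_days
```

With this sample, an infection noticed on 2017-05-15 is recoverable with 7 days of retention but not with 3, because the last clean backup is already six days old by then.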

 

Conclusions

  • First, if you don’t have a recent backup, do that immediately! Stop what you’re doing and back up all of your critical data.
  • Second, ensure all of your Windows Updates have been applied and that all of the software on your computer / workstation is up to date.
  • Third, make sure you have current, commercial-grade virus protection software.
  • Fourth, verify that you have a sufficient firewall on your network.

 

If you need any assistance, please give us a call at (901) 475-0275 and we can provide additional information as well as a quote for making your computing environment safer.
