IMPORTANT IT SECURITY MESSAGE
We are sure you have heard the news over the weekend, however in case you are unaware, a massive RansomWare attack (largest in history) has hit over 230,000 computers in 99 countries, demanding ransom payments in bitcoin in 28 languages. The attack has been described by Europol as “unprecedented in scale“.
WannaCry, also known by the names WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor and other similar names, is a ransomware program targeting Microsoft Windows and continues to spread rapidly around the world.
Similar to prior ransomware attacks, this malware infects a computer and encrypts all the data it can find, rendering the information inaccessible until the victim pays a ransom in Bitcoin to unlock the files.
The attack is being described as a cyber weapon of mass destruction (WMD), as it is exploiting a known vulnerability by scanning the Internet for at risk machines and then attacks email addresses associated with the vulnerable machines. A falsified email is sent to the user of the at risk machine with an attachment that says it is an invoice or other meaningful items. The attachment is actually a zip file, that when opened, delivers the malware.
Managed IT recommend all users exercise extreme caution with any links or attachments to emails and simply do not click or open the link to external sites from an email that you are not expecting.
It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.- if you’re ever unsure – don’t click it!
What are we doing about it?
We want to assure all users that we have done everything possible to protect you ‘behind the scenes’.
- At Managed IT, we align with the Australian Cyber Security Centre and adopt the Australian Signals Directorate’s measures for security hardening our customer’s networks and particularly our hosted private datacentre environment. We welcome any customers who wish to gain an insight into these measures to review this link: Strategies to Mitigate Cyber Security Incidents.
- Managed IT customers with SLA’s in place can be assured that their computers have been patched, in compliance with Microsoft’s security bulletin Microsoft Security Bulletin MS17-010 – Critical.
- Managed IT have implemented file backup and restoration solutions from multiple vendors for datacentre hosted customer servers, to enable faster recovery options in the event of a Ransomeware outbreak
- It is important to note that each customer’s network and associated data is securely segregated in our multi-tenanted environment, which will prevent an outbreak from one customer affecting any other customer
- Of particular relevance is Managed IT’s recent upgrade of our security platforms as a result of our new partnership with the cyber security company Fortinet. Fortinet has won our trust based on their leadership in the security industry, delivering the most innovative, highest performing network security fabric to secure and simplify IT infrastructures.
- Managed IT have recently implemented the Fortinet Security Fabric within our datacentre. The Fortinet Security Fabric is an intelligent framework designed for scalable, interconnected security combined with high awareness and actionable threat intelligence. Fortinet’s security technologies have earned the most independent certifications for security effectiveness and performance in the industry.
What do we need from our customers?
- Whenever prompted, please reboot your computer to allow patching maintenance to occur
- Do not install any ransomware protection solutions on your own accord with contacting Managed IT as this can compromise existing protection and measures in place
- Whilst we can have the highest security prevention solutions and detection techniques in place, all of this is not effective if customers “invite” RansomWare to take hold of their computer and others within their organisation, through clicking on links from unexpected sources.
If your organisation has been affected by ransomware, here are some things to do:
- Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives;
- If your network has been infected, immediately disconnect all connected devices;
- Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening;
- Contact Managed IT on 1300 ManagedIT (1300 626 243) or online here