Worldwide WannaCry (Wanna Decryptor) Ransomware Attack

As some of you may be aware, last Friday, May 12th, there was a worldwide WannaCry ransomware attack targeting Microsoft Windows 8 and under. Windows 10 is not affected. Since its initial release over email, it has spread to affected Windows computers in over 150 countries.

We now know a lot more about this malicious program and its attack vector than we did during the initial stages of the attack on Friday.

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07
http://www.politico.com/story/2017/05/12/nsa-hacking-tools-hospital-ransomware-attacks-wannacryptor-238328

A great explanation in layman’s terms of how this attack works can be found here on the UK’s Mirror website:
http://www.mirror.co.uk/tech/what-wanna-decryptor-look-ransomware-10410236

1) The ransomware is spread over email and instant messaging. The emails/messages try to trick you into opening attachments or clicking on links via spear phishing (targeted phishing) attacks.
https://en.wikipedia.org/wiki/Phishing

2) Once the computer is infected by WannaCry, the malware uses the infected computer as a platform to attack all other computers on the infected computer’s local network. In many cases this quickly disabled ALL affected computers on the local network, encrypting the data on the computer and locking users out with a screen that demanded a ransom payment for the key to decrypt the data.

3) The Windows vulnerability affecting SMB (Server Message Block), which this ransomware exploits, was patched by Microsoft on March 14, 2017. All users of Windows 7 and higher should make sure that they have their Microsoft Windows up to date. In fact, all Windows users should have automatic updates enabled whenever possible.

4) In a very rare move, Microsoft provided a patch for both Windows XP and Windows 8, two versions of its Windows operating system that it no longer supports.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
http://www.pcworld.com/article/3196694/security/old-windows-pcs-can-stop-wannacry-ransomware-with-new-microsoft-patch.html

Users can also disable the Server Message Block protocol to make themselves immune to the attack.

https://support.microsoft.com/en-in/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

5) In light of this worldwide attack, this is an excellent time to remind everyone to maintain regular and recent backups of your files. Though Apple’s Macintosh computers are not affected by this attack, they could be vulnerable to other types of attacks in the future. All users, regardless of which OS or platform they use, should make sure they have up-to-date backups. All Mac users should be using Apple’s Time Machine program with the required external hard drive.

Please let us know if anyone has any questions or concerns.