According to the experts of the State Police, WannaCry could know a new wave of spread with the reopening of the offices. Tips to defend yourself
The emergency is not over. Despite the fortunate discovery that allowed a young British researcher to stem the first wave of WannaCry spreading by spending less than 10 euros, the ransomware is supposedly “evolving” to come back stronger than before.
According to a first estimate, in fact, the series of ransomware attacks that knocked out (among others) Telefonica in Spain and the British internal health service earned just 30 thousand dollars: it is likely that hackers want to make their efforts more conspicuous. Other clues suggest that the worst is yet to come: some computer security experts, in fact, have spotted a new version of WannaCry (called Wcry 2.0) without “the switch” that allowed to stem the first spread. The situation, say the experts of the Italian State Police, could worsen on Monday, when thousands and thousands of people will go back to work.
According to the data in possession of the computer security laboratories of CNAIPIC (acronym for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche), the ransomware appeared in Italy starting from the first afternoon of Friday and its spread could have been slowed down by the closure of the offices. On Monday, when many factories and offices reopen, many may find a nasty surprise waiting for them.
How WannaCry ransomware spreads
As stated in a post on the “Commissariato di PS Online – Italia” Facebook page, the vectors of WannaCry’s spread are not yet obvious and it is so complex to contain it. Once installed in the computer, the malware goes to “place” inside the “Windows” folder as a connectivity service for the local network. From here, it first encrypts certain file types and then goes on to infect all other computers belonging to the same local network. In this way, WannaCry was able to spread into the networks of Telefonica and the NHS (British National Health Service) with apparent ease and speed, just to name two examples. And that’s why CNAIPIC experts believe that, in our country, most of the damage can be caused starting Monday morning, when the PCs of corporate computer networks will turn on after the weekend.
How to defend yourself from the WannaCry ransomware attack
In the post of the State Police mentioned above, you can also find information on how to avoid being infected by the ransomware virus and make sure that it doesn’t spread further.
To defend against ransomware, first of all, it is advisable to update the operating system of the computers on the network by installing the protection patch for Microsoft Windows systems published with security bulletin MS17-010 of March 14, 2017 and update the antivirus software. Having done these operations, analysts and system administrators will have to decide whether to disable the service attacked by WannaCry and avoid the “epidemic” spread of the malware in question. The users of the single machines, instead, will have to avoid to open phishing mails (probable responsible of the initial diffusion of the ransomware) and to make new backups of the system: in this case, even if you should be infected, you will be able to restore the system without big problems.