TAMPA, Fla. – Monday, companies across the globe woke up to find they were under attack.
A virus known as “Wanna Cry” started infecting computers before the weekend, but many did not find out until they started trying to open files with the start of the work week.
More than 200,000 systems have been infected in over 150 countries around the world.
Systems at British Hospitals, Germany’s national railway, Spain’s biggest phone company and even Fed Ex in the United States have been victimized by the virus that demands corporations and individuals pay a ransom to regain files that have been encrypted by the attacker.
James Ullery at LED Tampa is familiar with the problem.
His company’s computers were infected by a virus in 2016.
An employee discovered the attack when he tried to open critical files on a company computer.
“He said ‘I can’t open up any of the camera files’ and he said ‘they are no longer JPGES,’ he said ‘they have some strange extension on the end of the camera files,'” said Ullery.
A message demanded the company pay $500 to regain access to the files.
“So, in essence, we couldn’t conduct business, because we had no access to any data that was current,” said Ullery.
His system back-up was more than 60-days-old and Ullery said at that point he had little choice, he elected to pay the ransom.
“You should back your data up as frequently as you can,” said Ullery.
At the Florida Center for Cyber Security at the University of South Florida, director Sri Sridharan said paying the ransom doesn’t always work.
“There are people who have paid the ransom, but they still have the ransomware on their screen, that it’s not been cleaned out. In other words, the attackers have not provided the decryption algorithms to release your data back to it’s normalcy,” said Sridharan.
Still, he said for some companies, it’s a calculated risk.
“It all depends on your situation, you’ve got to make a decision. If you are a company, if you are an enterprise and if your electronic records and patient records are locked up, you have to think twice about not paying a ransom,” said Sridharan.
He recommends frequent system back-ups on a remote system.
Sridharan also said companies and individuals should download and install software updates as soon as they are available.
In this case, Sridharan said Microsoft was aware of a potential security problem and sent out a patch to correct the problem long before the latest attack.
Sridharan said systems that did not install the patch were vulnerable to the attack.
Follow Jeff Patterson on Facebook
You’ve been hit! What should you do?
Isolate the infected computer immediately.
Disconnect your PC from any networks it’s connected to.
Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.
Power it off.
This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.
What happens next depends if you’re on a home PC or a work PC.
If you’re at home, get in touch with a local IT support company who’ll be able to get your computer back into working order.
If you’re at work, get in touch with your internal IT department, then make sure a notification is sent out telling everyone about the attack.
Contact law enforcement immediately.
It is strongly encouraged that you contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance.
Should you pay the ransom?
No!
The United States Government does not encourage paying a ransom to criminals.
Ransomware victims may also wish to consider the following factors:
• Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.
• Some victims who paid the demand were targeted again by cyber actors.
• After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.
• Paying could inadvertently encourage this criminal business model
Source: US Department of Justice, US Computer Emergency Readiness Team