A malicious computer bug called WannaCry is spreading around the globe and you need to protect your PC now to ensure your machine stays safe. The criminals who released this menace on the internet intend to hold the information on your computer hostage until they are paid a sum of money: hence the infection has been called “ransomware.” You can protect yourself by going to the Microsoft website and downloading a security patch. You can also visit your local Best Buy and ask Geek Squad for a free Ransomware Vulnerability Assessment. They’ll determine if your PC is vulnerable to infection and needs an update. A Geek Squad agent will even show you how to run a Windows update yourself, at no cost.

Wannacry ransomeware
WannaCry screen capture via McAfee

What is WannaCry, why is it so dangerous and what steps should you take to make certain your computer is safe?

Here’s everything you need to know:


FAQ

What’s going on?
Cybercriminals are using something called “ransomware” to essentially hold data on Windows-based computers hostage by encrypting files, making them unusable and demanding “ransom” payment before potentially restoring access. This kind of criminal activity has occurred before, but this most recent occurrence appears to be the most widespread ransomware attack to date. It has spread to more than 100 countries.

How would I know it’s happening to me?
These cybercriminals have designed their ransomware to change your desktop background to present their ransom demands and instructions on how to comply. This desktop image is unmistakable and unavoidable. The desktop background will change almost immediately after infection. Once it occurs, your data, technically speaking, has been encrypted. Practically speaking, it has been rendered useless.

How do I avoid this attack?
First, make sure you’ve activated automatic updates for your computer’s operating system and all applications.  Next, make certain you have a leading anti-virus software package installed on your computer. If you don’t have one, you can research and purchase here. Finally, be careful when opening attachments or clicking on links that are unknown to you, or using public wireless networks if your systems have not been updated and anti-virus software has not been installed.

What else can I do?
It’s always important to have important data backed up onto an external device or in the cloud. Please note that if using an external hard drive it is advisable to unplug it from your computer when not in use so that the files on it won’t be adversely affected if your computer ever becomes infected.  Cloud storage is available through a number of third parties, including Google, Apple, Microsoft and Box. If you’re feeling uncertain, please visit your nearest Best Buy location and our Geek Squad Agents can perform a free Vulnerability Assessment service to verify that your PC has been patched for the latest security updates.

If I’m affected and do not have my data backed up in the cloud or on an external hard drive, what can I do?
Industry experts do not advise paying the ransom because there is no guarantee your data will be available to you after payment is made. Essentially, you pay at your own risk. Additionally, it is believed that people who do make payments could be targeted in the future for additional ransom attacks.

If I’m affected and do have my data backed up, what can I do?
If you have your files backed up, it is possible to “rebuild” your computer using those saved files. If you’re familiar with the process, you can do this yourself. However, please be aware that your computer can infect other computers on your network so take the appropriate precautions.

You can also seek the assistance of our expert Geek Squad agents. You can come into the store for help, or we can come to your home or help you over the phone.

If my computer is infected, how do I avoid it infecting other computers on my network?
This form of ransomware can affect other computers on the same wireless or wired network. If you discover ransomware on your computer, you should power the device off immediately and take appropriate precautions before turning it back on. This would include turning off the Wi-Fi or unplugging any wired connections on any other computing devices in your home.

Click here for more information about Geek Squad Services.


WannaCry is Ransomware

WannaCry is a very nasty form of malware known as Ransomware. Where traditional computer viruses are dangerous, they usually leave your computer still able to function when infected. In fact most rely on your PC remaining functional so they can lurk in the background logging keystrokes, capturing account data, looking for credit card numbers and similar actions. These are serious problems, but at least you can run security software.

Ransomware takes a different approach. Instead of leveraging your PC as a gateway to stealing your personal information or randomly destroy a few files, it encrypts your storage, effectively rendering the PC completely useless. You can’t boot the PC to run security software and you can’t access any of your data. The only out is to pay a ransom to the cyber criminals behind the attack, usually in Bitcoin. In the case of WannaCry, unlocking an infected PC requires forking over roughly $300 U.S. worth of Bitcoins—or over $400 Canadian. If the ransom isn’t paid quickly, the amount demanded increases …

Because trying to decrypt a PC without the encryption key is virtually impossible, authorities usually end up recommending affected users either pay the ransom or accept the loss of their information and reset their computer to factory settings.

 

WannaCry is Different From Other Ransomware

As if ransomware wasn’t already bad enough, WannaCry takes it to a new level. At this point, researchers believe it is based on an exploit created by the U.S. National Security Administration (NSA) called ETERNALBLUE. So, it’s government-strength malware that’s gotten into the wild. And it takes advantage of a Windows file sharing vulnerability so once WannaCry infects one PC on a network, it seeks out and infects others—no need for phishing to try to trick a human into downloading it.

 

How Did it Infect PCs In the First Place?

It’s believed that WannaCry first began attacking PCs through e-mail attachments. Unsuspecting users opened the attachments, infecting their own PC. It then spread through networks using that file sharing vulnerability.

 

A Lucky Break + Microsoft Steps In

We caught a lucky break when a security researcher examined WannaCry code and noticed it makes a call to a strange-looking domain name. That domain was unregistered, he registered it himself and this effectively acted as a kill switch that has stopped the network propagation.

Microsoft had already released security updates that patched the wile sharing vulnerability in the latest versions of Windows a month ago. However, Windows XP—which is no longer supported—was not patched. WannaCry was infecting PCs running older versions of Windows, and computers where someone had turned off security updates. The company took the unusual measure of releasing a security patch for Windows XP and Windows 8 that shuts down the vulnerability.

How to Protect Yourself From the Next WannaCry

It looks as though the worst is over from the initial WannaCry attack. Fortunately, most of the computers that were affected were running Windows XP and the combination of that kill switch, Windows patches and heightened vigilance have combined to slow it.

However, one of the nasty things about malware is that it has a tendency to mutate and come back. In the case of something that was as successful as WannaCry, it’s inevitable that criminal elements are already hard at work on the next variation. So how do you protect yourself and your PC from becoming a victim of WannaCry, the next big ransomware attack or any other computer malware?

Keep Your Operating System Up to Date

Your first line of defence is keeping your computer’s operating system up to date. Whether its Windows or macOS, keep up to date. Microsoft and Apple incorporate critical fixes in their OS updates and sometimes push out specific security updates. WannaCry was the perfect example of how falling behind and running an outdated operating system can leave your system vulnerable.

Be Careful Online

Many security experts will point out that the weakest link in computer security is us. The people using the PCs. Virtually every malware attack starts with criminals sending phishing e-mails. They direct you to a fake (but official looking) website to trick you into entering critical information. Or the e-mail contains an attachment that when downloaded, infects your computer. That’s suspected to be the method WannaCry used.

When using your computer (or any connected device for that matter), you need to be vigilant. Be extremely wary of attachments, especially when the e-mail sender isn’t known. Even if you know the sender, watch to see if the actual e-mail subject and text sounds like a “cut and paste” generic message instead of something personalized—some malware e-mails itself to everyone on an infected PC’s contact list. Beware of generic messages from legitimate-looking sources. Your bank won’t ask you to log into your account with a “Dear customer” e-mail. Found a USB flash drive on the floor? Be wary about plugging it in to your PC as some malware arrives on thumb drives that are casually left lying around to be found.

Use Security Software

It’s not a perfect solution, but installing security software and regularly scanning your PC will definitely minimize your risk of being infected by malware.

Back up Your Computer to an External Hard Drive

The closest you can get to bullet-proof protection from Ransomware like WannaCry is to do a complete backup of your PC to an external drive. Don’t just back up your data, don’t back it up to a partition on your PC’s storage and don’t leave the external drive connected when not in use.

If your PC is encrypted by WannaCry or another ransomware variation, this solution lets you escape without paying and in only a few hours. You boot your PC from a recovery disk, wipe it down, then do a complete recovery from the external drive. This gets your computer back to the state it was in when you last backed up—and with no encryption.

Want to learn more about computer security and spotting phishing e-mails? Check out this post I wrote last year.

WannaCry was a wake up call for how fast ransomware can spread and the seriousness of the repercussions. You probably weren’t directly affected this time, but it should serve as a warning to be prepared. If you have any doubts about security software and a backup strategy, GeekSquad can help you out with professional in store setup. If you’re still using an old Windows XP computer, WannaCry should help make the case that it’s time to consider upgrading to a new Windows 10 PC. And don’t forget, if you have any concerns about your computer’s vulnerability to WannaCry and ransomware, you can bring it to Geek Squad at any Best Buy location for a free Ransomware Vulnerability Assessment and no-charge assistance with updating Windows.

Geek Squad
Our Geek Squad Agents are on a mission to set up, protect, support and repair your computers, home theatre, cell phones and more. We'll come to your rescue in-store, in-home or online.