Outbreak WCry/WannaCry Ransomware

Friday evening, various organizations worldwide were victims of a ransomware called WannaCry (WCry). The virus targets both organizations and individuals. In Europe the United Kingdom, Spain, and Russia, among others, are severely affected. In Belgium, the situation is monitored closely.

What should you do to not become a victim of this virus?
- Never open the attachment of a suspicious mail (for example, when it comes from an unknown sender or when your bank asks you unexpected questions).
- Patch your systems (for this virus: patch MS 17-010 ; https://www.us-cert.gov/ncas/current-activity/2017/03/16/Microsoft-SMBv1...).
- Take regular backups and verify if it stores all your information. Test whether this backup can be restored, and make sure that the backup is only temporarily connected to the device so that the ransomware can not infect the backup.

The Spanish CERT developed a tool that prevents the execution of the virus on your computer. You can download it from: https://www.ccn-cert.cni.es/en/updated-security/ccn-cert-statements/4485...

If you would like more information about ransomware in general, you can consult the following document (available in Dutch and French): Ransomware, how to protect and respond. Also, the website www.nomoreransom.org provides an overview of ransomware that has already been decrypted.

CERT.be wrote an advisory on WannaCry and is available for download here: WannaCry Advisory.

Are you a victim of the virus? Please report via cert [at] cert [dot] be.