Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

A lot of our clients and partners are asking questions about the WannaCry ransomware that ripped through parts of Europe and Asia earlier this month. They want to know if Sherweb is protected from this attack. And they want to know how they can protect themselves.

 

What are ransomware and WannaCry?

Like all ransomware, WannaCry encrypts all the files on your computer. The software demands a ransom in return for the encryption key that will allow your files to be decrypted. In the case of WannaCry, the price doubles after three days and threatens to delete the files completely after seven days.

WannaCry is a bit different than a lot of ransomware in that it infects your computer like a worm. It does this by exploiting a recently patched security flaw in SMB, a network drive protocol implemented by Microsoft Windows. The patch was released in North America last March. Microsoft has also published some specific customer guidance about WannaCry.

Infected Computer by WannaCry Ransomware
An infected NHS computer in Britain – Gillian Hann

 

Is Sherweb safe from WannaCry ransomware?

Sherweb’s services are well protected against such threats thanks to multiple layers of security. Without going into specifics, we can tell you that our security ranges from running anti-virus software to simply making our sensitive servers unreachable to anything but our own services.

In the case of WannaCry, we had already applied the security update mentioned above, thanks to our rigorous security process. Even then, the servers containing our clients’ data are not exposed to the internet and no one can log in to them and use them to open emails or files. These measures are in place to protect us when new and, previously unidentified, threats start wreaking havoc.

 

What if I get infected by WannaCry ransomware?

Although there are many things you can do to prevent infection by ransomware and other cyberattacks, it’s crucial that you have a solid contingency plan.

In the case of WannaCry, if you pay the ransom it will decrypt your files. However, it will also install a backdoor called “DoublePulsar.” This means that while your system will appear to have recovered, you will still be vulnerable to future attacks.

The United States Computer Emergency Readiness Team (US-CERT) recommends  that you have a well-documented and tested backup plan. This is the only way to retrieve a copy of your data before the infection occurred. It also helps to ensure there are no surprises left by the ransomware. The US-CERT also points out that local backups are not sufficient protection because they are often targeted by ransomware.

 

Use online backup to protect your data from ransomware

One way to keep your data safe is to use an online backup software.

This will minimize any chance that an infection at your office or datacenter will affect your backups, allowing your business to recover quickly.

 

Teach, patch, plan

In conclusion, you have to use all lines of defense available to protect your organization from cyberattacks. Of course, the first line of defense is to educate ALL staff in your organization.

Take the time to have informative sessions, make cybersecurity part of employee onboarding and consider formal phishing training.

After that, apply the traditional pillars of security. Make sure you are following a strict patching process, disable all services that aren’t being used and plan for the worst.

Written by Guillaume Boisvert Director, Product Innovation @ Sherweb

Guillaume identifies and evaluates new solutions and product features that help Sherweb and its partners grow and compete. Responsible for the growth and development of Office Protect, Sherweb’s security add-on for Microsoft 365, Guillaume leads the team responsible for building and commercializing the company's in-house security offering. He has almost two decades of experience developing software-as-a-service (SaaS), both as a technical lead and as a product manager.