Important Message to Friends and Clients Regarding Cybersecurity
A very serious cyberattack is currently occurring all over the world. Hundreds of thousands of computers, networks & systems have already been impacted, and we are now faced with variants of the original attack that are already spreading.
The latest news/information can be found here:
Although analysts, researchers, software companies & cybersecurity specialists have been quick to act since the original attack, there is still a great amount of risk with the variants of the ransomware that have been released over the weekend. This means that even though there is some amount of protection from anti-virus and anti-malware companies, the variants are likely different enough that full protection cannot be guaranteed.
Symantec’s release about WannaCry:
MalwareBytes’ release about WannaCry:
Although both of these companies indicate that their software has protection, the variants of the original WannaCry ransomware may lead to very quick and very effective infection of many more systems.
Based on the details of the underlying vulnerability and the construction of the ransomware kit, here are a few mitigating factors for your systems:
- You have a very powerful firewall blocking access to nearly all of your internal systems.
- Your Symantec Anti-Virus & MalwareBytes software packages have some protection (detection and containment) of WannaCry. As indicated though, variants have been released and full protection cannot be guaranteed at this time.
- eKeeper SPAM is filtering all of your email before it reaches your system. Like the anti-virus and anti-malware software above, this provides a great amount of protection but not complete protection.
- eKeeper has deployed additional technologies within your system to detect the most common forms of ransomware activity. These technologies connect directly to the eKeeper NMS alerting system which allows us to be notified very quickly of suspicious behavior within your system.
- You have multiple levels of backups that are protected (offline).
- The critical updates from Microsoft (patching the underlying vulnerability) have been approved and installed on your system for several weeks now. The major point of concern with your systems is Windows XP. If Windows XP is still an active part of your deployed computer base, you are at heightened risk because there are no mainstream updates to resolve the underlying vulnerability. Microsoft has released patches for Windows XP at this point, but they must be manually installed since Windows XP is not a supported operating system any longer.
What you can do to minimize your potential risk:
- Pass this information on to all your staff. The ransomware is being deployed via email and/or web links. Do not open attachments you are not expecting. Do not click on links that you do not need to click.
- Encourage your staff to ask questions if they are unsure of anything they receive via email or otherwise. Additionally, if an attachment is received unexpectedly from someone you know, verify with them that they did intend to send it to you. Many systems may be compromised, and a particular variant may mine contact lists and begin self-generating malicious emails on the user’s behalf.
- Forward anything suspicious to firstname.lastname@example.org. We are actively working with local security firms to better understand and unravel the operation and replication of the variants.
- Be brave. Although this is a very important situation, we cannot live in fear. Do your jobs, live your life…but be cautious and use sound judgment. Empower your employees to do the same…
- Notify us immediately if you or a staff member experiences any strange behavior.
We will do everything we can to help protect you from this threat and we are always here to answer your questions or concerns. We encourage you to share this email with your staff…and as many people as you know…
Please feel free to reach out to us with any additional questions or concerns. We are always here to help.