NCCIC has received
multiple reports of WannaCry ransomware infections worldwide. Ransomware is a
type of malicious software that infects and restricts access to a computer
until a ransom is paid. Although there are other methods of delivery,
ransomware is frequently delivered through phishing emails and exploits
unpatched vulnerabilities in software.
Phishing emails are
crafted to appear as though they have been sent from a legitimate organization
or known individual. These emails often entice users to click on a link or open
an attachment containing malicious code. After the code is run, your computer
may become infected with malware.
A commitment to cyber
hygiene and best practices is critical to protecting organizations and users
from cyber threats, including malware.
In advice specific to the recent WannaCry ransomware threat, users should:
· Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
· Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
· Follow best practices for Server Message Block (SMB) and update to the latest version immediately. (See US-CERT's SMBv1 Current Activity for more information.)
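The SMB recommendation above, as an added administrative example that is not part of the US-CERT alert: a PowerShell script that reports whether the legacy SMBv1 protocol is enabled on a Windows host and, when run with -Remediate, turns it off. It assumes Windows 8/Server 2012 or later (where the SmbShare cmdlets and the SMB1Protocol optional feature exist) and an elevated session; disabling SMBv1 reduces exposure but does not replace installing the vendor patches.

```powershell
# Added example (not from the US-CERT alert): audit the SMBv1 configuration of a
# Windows host and, if requested, disable it. Assumes Windows 8/Server 2012 or
# later and an elevated (administrator) PowerShell session.
param(
    [switch]$Remediate   # without this switch the script only reports
)

function Get-Smb1Status {
    # Server-side SMBv1 flag: what remote hosts can negotiate against this machine
    $server  = Get-SmbServerConfiguration
    # Optional-feature state covers the SMBv1 client and server components
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        FeatureState      = $feature.State
    }
}

$before = Get-Smb1Status
Write-Output "SMBv1 server protocol enabled: $($before.ServerSmb1Enabled)"
Write-Output "SMB1Protocol optional feature:  $($before.FeatureState)"

if (-not $Remediate) {
    if ($before.ServerSmb1Enabled -or $before.FeatureState -eq 'Enabled') {
        Write-Warning "SMBv1 is present. Confirm nothing on the network still depends on it, then re-run with -Remediate."
    }
    return
}

# Weak setting: EnableSMB1Protocol = $true (the default on older builds).
# Corrected setting: $false, plus removal of the optional feature so the
# SMBv1 driver is not loaded at all.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

$after = Get-Smb1Status
Write-Output "After remediation - server protocol enabled: $($after.ServerSmb1Enabled); feature: $($after.FeatureState)"
Write-Output "A restart may be required for the feature removal to take full effect."
```

Run it first without -Remediate across a representative set of hosts to find any that still rely on SMBv1 (older scanners, NAS devices) before turning it off fleet-wide.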
For general best practices on patching and phishing, users should:
· Ensure that your applications and operating system have been patched with the latest updates. Vulnerable applications and operating systems are the target of most attacks. (See Understanding Patches.)
· Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
· Avoid providing personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
· Avoid revealing personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
· Be cautious about sending sensitive information over the Internet before checking a website's security. (See Protecting Your Privacy.)
· Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
· If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups such as the APWG.
· Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for additional information.)