14 May, 2017

Symantec users protected against WannaCry ransomware

  • WannaCry encrypts data files and asks users to pay a US$300 ransom in Bitcoin. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.
  • WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
Source: Symantec blog post. The Wcry display screen.

Symantec has reassured Symantec and Norton customers that they are protected against the latest global ransomware attack, which involves the WannaCry (also known as WannaCrypt and WCry) malware. As of the time of writing, the ransomware, a new variant of the Ransom.CryptXXX family, has been detected in over 100 countries including Singapore, Indonesia and India.

In 2016, Singapore ranked 8th regionally for ransomware, the same position as in 2015. It was the 24th-most targeted country globally for ransomware in 2016, up from 42nd in 2015, accounting for 0.5% of ransomware infections on unique machines.
 
"Customers should run LiveUpdate and verify that they have the following definition versions or later installed in order to ensure they have the most up-to-date protection - 20170512.009," the company shared in a blog post.

Nick Savvides, Security Advocate, Symantec Asia Pacific and Japan, has the following advice for users:

Once the encryption process starts, there is little the user can do, as it happens very quickly

"It is unlikely that the user will notice the ransomware is encrypting until it’s too late. If the user realises in the seconds after running the malware, they may attempt to power off the machine, then use an external boot disk to boot the machine and run a cleaner tool like Norton Power Eraser. This may prevent the ransomware from encrypting all the files," Savvides said.  

Any computer that has been infected should not be trusted

Security tools like Norton Power Eraser, or Norton Internet Security may be able to remove the infection but the files will still be encrypted. "It is always best to restore the computer either from a backup, or reset to factory using a recovery disk and then immediately update and apply all patches," Savvides advised.

"These are important steps, as we have seen ransomware that not just ransoms the users’ files, but also installs banking Trojans to clean out the users’ bank accounts, typically capturing the users’ banking details when they log into their bank to pay the ransom. If the backups were not encrypted by the ransomware, it is unlikely that the files were infected."

Symantec recommends affected users not pay any ransom

"Paying criminals is never recommended, as it feeds them and rewards them for their crimes. There is also no guarantee that your files will be released back to you," Savvides said.

Other best practices for protecting against ransomware include:
  • Always keep security software up to date.
  • Keep the operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Be wary of unexpected emails, especially if they contain links and/or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Backing up important data is the single most effective way of combating ransomware infection. Organisations have to ensure that backups are appropriately protected or stored off-line so that attackers cannot delete them.
  • Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing subscribers to “roll back” their operations to the unencrypted form of their files.

According to the Symantec Internet Security Threat Report, Volume 22:
  • The average ransom per victim grew to US$1,077 in 2016, up from US$294 in 2015, a 266% increase.
  • Ransomware attacks grew to 463,841 in 2016, up from 340,665 attacks in 2015 (a 36% increase).
  • One in 131 emails contained a malicious link or attachment in 2016, the highest rate in five years.
  • There was a twofold increase in attempted attacks against IoT devices over the course of 2016 and, at times of peak activity, the average device was attacked once every two minutes.
