15 May 2017:
I’m sure you will have heard or read about the ‘Massive Cyberattack’ that hit the world news late on Friday, but just in case you haven’t, here are some things you need to know.
Summary of what happens:
Q: “Are we at risk?”
A: Yes. But no more than you were on Thursday or earlier in the week or month. There are many other malware / viruses that infect in a similar manner. The biggest risk comes from users opening emails, opening attachments and clicking links on emails containing a link to the malware.
Providing the necessary support to users to educate them in the mindful handling of emails is in my opinion the best (and cheapest) form of defence to most of these attacks.
Caduceus can assist with staff training in this area if you require.
Also if you have doubts about any email you can forward it to email@example.com and we will investigate and comment.
Q: “If we suspect infection what should we do?”
A: With these types if malware, speed and decisive actions can really help mitigate the impact of an infection.
Key indicators that you have become infected is that a) a file you could open previously you suddenly can’t see or can’t open, b) your PC may start running very slowly.
Certainly if you encounter the first indicator, the first step should be to isolate the infected PC as quickly as possible. This can limit the infection and save many many hours (even days) of recovery effort. Your actions may extend as far as quickly shutting off all PC’s on the network – especially until the infected PC can be located and isolated.
Calling Caduceus for assistance would be our next recommended action. We can assist in identifying if you do have an infection, locating the machine and starting recovery efforts.
Q: “How do we recover from an infection?”
A: There are currently no known ways to reverse the encryption of files aside from paying the ransom or restoring from backup.
Depending on how many files get encrypted and the backup mechanism you use, it can take several days to complete a restore from your last successful backup.
For further information, here are a few reference articles:
The website https://intel.malwaretech.com/ provides a global summary of detected Malware attacks.
I’m sure there will be more reports and information that comes to hand on Monday.
If you would like to discuss any of the above please contact Caduceus Support (firstname.lastname@example.org)