OMT issued a critical update for our Windows computers to resolve an exploit leveraged by a ransomware called “WannaCry”.  The Guardian has published a fairly comprehensive article which may help you understand the impact of this type of malware.  The article contains some helpful general information, but what about us, here at the Florida Museum?  This message contains a lot of information, but please bear with us, as the advice here can go a long way to prevent a data disaster.

What is WannaCry?

WannaCry is also known by the names WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.  It is a ransomware type of malware. It blocks access to a computer or its data and demands money to release it.

Who is vulnerable?

WannaCry affects versions of Windows as far back as XP! Official support for Windows XP ended on April 8, 2014, but the seriousness of this exploit is so great that Microsoft issued a Windows XP patch (as well as patches for all versions of Windows since).  As of the date and time of the NHS attacks, most museum computers were already patched against the exploit. OMT issued an emergency BigFix action today (May 15) to update the remaining computers ASAP.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through computers already affected by certain viruses. Once a computer is infected, all files on that computer and all files on any attached network drives can be affected.

What can I do to avoid victimization?

The best offense is a good defense, so please remain vigilant!

  • Be suspicious of all email attachments, and only open the ones you are expecting, and only from trusted sources. If you are unsure, please contact OMT.
  • Don’t click on any pop-up or link you are not confident about. If you are unsure, please contact OMT.
  • Please diligently apply Windows updates as they are issued by OMT.

In a nutshell, if you’re unsure, please contact OMT!  Even if it turns out to be nothing, spending a few minutes looking over your shoulder is much better for us than the long nights and weekends it would take to recover the museum’s data from a malware event.

What if I fall victim?

If you think you may have accidentally fallen victim to a ransomware exploit, or any other kind of virus/malware:

  • PULL THE PLUG!  Don’t wait for OMT. In these cases, minutes or even seconds can make all the difference
  • Laptop? If it has one of those “airplane mode” switches, flip it! Close it. Unplug it. Remove the battery.
  • Then call OMT right away and give us as much information as you can recall about what happened.

OMT will not judge you or blame you in any way for falling victim. These methods are sneaky and are designed to prey upon your sense of what is normal and familiar. We want to be involved ASAP so we may have the best chance of minimizing the impact to the rest of the museum.

What happens if WannaCry gets into the Museum’s IT systems?

OMT has experience with this type of malware, and has a contingency plan that leverages our nightly backups.  Please note that in the event of a ransomware event, OMT will only be able to restore data stored on our network drives. If you have data that is only stored on a workstation, please contact OMT for advice and direction on how to use network storage instead.

What about my computer at home?

Microsoft has issued a helpful bulletin giving advice for avoiding WannaCry attacks.  In a nutshell:

  • Make sure you Windows computer is completely up-to-date.
  • Use anti-virus software, and make sure that it and it’s virus definitions are up-to-date. Windows 8.1 and Windows 10 have Windows Defender built in, which will protect you from the current known variants of WannaCry.
  • Use the same vigilance at home that you would at work.