May 15, 2017

Safety Information for ransomware attacks: May 2017

On Friday the 12th of May,  a ransomware attack hit global computer systems which has affected 200 000 computers in 150 countries. It is possible that new versions of the worm virus could be released, and businesses all over the world have been encouraged to fortify their data systems. As Monday dawns all over the world, this cyber attack is being touted as the biggest global ransomware outbreak to date.

If you have been compromised, please log a ticket with our support team through the Control dashboard
or contact Probax Support directly on 1300 885 117

Vital Information:

  • The Malware is known commonly as "WannaCrypt" or "WannaCry"
  • It is a worm virus - a standalone malware computer program that replicates itself in order to spread to other devices. It is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed ( / the file is opened) , the viral code is executed as well. (Source: Cisco)
  • It is ransomware - a virus that requests ransom payment in currency for the return or decryption of vital data. WannaCrypt locks computers, demanding US$300 - $600 ransom per machine to be paid in cryptocurrency Bitcoin to unlock devices.
  • The malware email contains a PDF attachment embedded with a malicious macro. The body of the email contains no information other than an instruction to ‘Please open the attached file’. (Source: Craig McDonald, ARN)
  • Windows XP  has been identified as highly susceptible to this malware, and Microsoft have issued a special update, despite XP being at the End of Extended Life (EOL) support. More vulnerable operating systems have been listed below.
  • Medical, Health, Transport and Telecommunications industries have been impacted globally and all industries remain on high alert.
  • Only one case in Australia has been reported; this was a small business, part of non-critical  infrastructure.
  • At this initial stage, not thought to be a targeted attack, but simply that the ransomware was seeking organisations and systems running on susceptible devices.

Wannacry hack ransomware demand screen

The WannaCry Ransom demand screen displayed by WannaCry Trojan (Image: Symantec Security Response)

Ransomware infect screen

This is what the victim’s wallpaper is changed to following a breach (Image: Avast Software)


List of Operating systems vulnerable to attack:

  • Windows 7
  • Windows Vista
  • Windows Server 2003
  • Windows Server 2008
  • Windows XP


What to do if you are affected:

  1. Do not open any unfamiliar emails which ask you to open an attachment - always be sure to check the sending email address, and report any suspicious domains as Junk / SPAM  or Phishing Scam.
  2. If you are affected by any ransomware or malware, do not pay the ransom  - we strongly recommend against taking this action, every payment made to hackers through ransomware helps attackers evolve their code and techniques for future attacks.
  3. Reformat your hard drive - If your device has been infected with malware, you will need to wipe your hard drive to remove all encrypted files.
  4. Update your Windows system - If your system is running on Windows XP or an equally old system, it is strongly recommended you upgrade as soon as possible. Updating your version to Windows 10 will close more of the loopholes hackers can use to potentially exploit your critical data.
  5. Restore your backed up files - your system backup software should be able to restore your files to your computer, or contact your system administrator to restore your files.

If you have been compromised, please contact Probax Support directly on 1300 885 117
or log a ticket with our support team through the Control dashboard