WannaCry / Wcry / WannaCrypt Ransomware

Also known as WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, or WCRY, this ransomware spreads by exploiting a vunerability in the Windows Operating system. The first iteration of this ransomware was slowed by a "kill switch" but new version of the ransomware have been released since that do not have a "kill switch" built in. Tracking of the spread of this ransomware can be found here: https://intel.malwaretech.com/botnet/wcrypt/?t=24h&bid=all

What HAPPENS WHEN YOU ARE INFECTED?

Once infected, WannaCry also scans for other vulnerable unpatched computers connected to the same network, as well scans random hosts on the wider Internet, to spread quickly.

The ransom is $300 in bitcoins and you've got 3 days to pay before it doubles to $600. If you don't pay within a week then the ransomware threatens to delete the files altogether. This is not easy process and there is no guarantee that payment will result in files being decrypted. 

how do i know if i'm infected?

if you see this or a similar application running on any of your systems, please Contact ATS Immediately (08) 9328 7199 and shutdown the offending computer.

WannaCrypt-ransom-executable.png

how do i prepare and prevent the spread

The best course of action is to ensure that your computer systems are patched immediately. Microsoft has released a number of patches for this exploit. Your backups should also be checked that they are operating correctly.

 Current spread of infection 16/05/2017

Current spread of infection 16/05/2017