SingCERT issues advisory on actions to take if you get hit by the WannaCry virus


SINGAPORE - The global ransomware - dubbed WannaCry - that first surfaced last Friday (May 12) is expected to hit Asia hard on Monday.

While the true extent of the damage caused so far remains unclear, the latest estimates place it at over 200,000 victims in at least 150 countries.

In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician's error led to 12 kiosks being infected in Tiong Bahru Plaza and White Sands.

Here's a guide from the Cyber Security Agency's SingCERT (Singapore Computer Emergency Response Team) on what to do if you become a victim.

Why is it dangerous?

The hackers leverage a Windows exploit called EternalBlue, developed by the US National Security Agency, which was reportedly leaked and dumped by the Shadow Brokers hacking group last month.

The exploit can infect machines running unpatched versions of Windows by taking advantage of flaws in Microsoft Windows' SMB (Server Message Block).

 

Once a single computer in an organisation is hit by WannaCry, the worm looks for other vulnerable computers within the network to infect.

How can it be prevented?

Microsoft released a patch (MS17-010) for the vulnerability in March. Those who have not patched their computers should do so immediately.

Like any other ransomware infection, you should be suspicious of uninvited documents sent through e-mail.

Avoid clicking on links inside such documents unless their sources have been verified.

Always make a back-up of your important files and documents, and ensure that you run an active anti-virus security suite of tools on your system.

Most importantly, browse the Internet safely.

What if I get infected?

While there is no known way to recover files encrypted by WannaCry, don't panic.

Start by disconnecting your computer from the network (either remove the network cable or turn off your computer's wireless function) to prevent the spread of WannaCry.

Rebuild your affected computer before patching it with the recommended patch and restoring your system from the backups made previously.

Those who need further assistance can contact SingCERT for advice.