OMG this new ransomware is spreading FAST!

Be aware you will hear in the news about a new massively-viral malware spreading in Europe right now.  Outlets such as The New York Times and Washington Post are jumping into the fray on this with little to no information. The news stories began flying out around 6am on June 27, 2017.  While the method of infection is not yet known, we do know it is behaving as a worm.  That is to say once a node is infected that node begins trying to infect other nodes.  Reports stated the infected computer will show a screen designed to mimic a “chkdisk” process to entice the user to not power off.  News stories from big outlets are popping up all over making this seem huge.  ALL refer back to how bad wannacry was; likely in attempt to seem like one of the 'first' to report the issue.

An example of a mimic chkdisk screen

The reality is the spreading malware was first identified by Kaspersky labs back in March of 2017.  AV vendors have noted this has been spreading for about a week: it did not begin this morning.  The reason this is big news.. suddenly… is similar to the reason wannacry got so much attention:  Government and big business are being hit and consumers are noticing the outages. 

  1. How is it getting the initial foothold? 
  2. How does it spread automatically? 

These are questions yet without answer.  Here is my theory.  As to the second question I have no doubt we are seeing yet another weapon created by a nation state leaked to not-so-savory hands.  [Ding! EternalBlue plus a word exploit] As to the first I’ll hazard a guess that social engineering and phishing are the key tools [Nope. Started as a hack of the Ukrainian Government's demanded tax software ... allegedly.

Thus, to protect ourselves we need to simply do as we have always been instructed: Think before we click.  Always do the following.

Question EVERY attachment. 

In a world where anything can be digitally spoofed the idea that some people can be trusted is a misnomer.  NEVER OPEN ANY ATTACHMENT UNLESS YOU WERE EXPECTING IT.  If you do feel the desire to risk your company (thus your own job) ending over a cyber-attack you helped enable… please first use text or a phone call to that person to verify they actually sent the file intentionally.

Question EVERY link in any email. 

Hover over the link, see if the URL shown matches the text you hover over.  When in doubt; use your phone to question your way out.


to the language used in the email.  If the email is trying to create a sense of urgency, be even more cautious than you should already be.  If the email promises you something in return for clicking, be wary.  If the email in any way seeks to elicit an emotional response… be extremely wary.

Focus on the task at hand 

There are more reasons for this than lack of productivity.  That cute video your friend sent of the cat pushing things off the table could well have bugs hidden inside it or it could be harmless.  Unless your job is the study of things cats push off tables… the risk should not be taken where it could literally cause hundreds of people to suddenly have no means to feed their children.

Update your computer and all your applications.

Turn off cable news. 

You are not the consumer you are the product.  The advertisers are the customer of the news agencies.  You are the product being sold.