Wannacry, the worst ransomware in history, is preventable.

Last week, the Wannacry ransomware infected 200,000 computers. It started infecting Britain’s hospitals. We soon learned it was international. A client asked me about it.

How to get infected.

Here’s what I wrote:

For a company to be victimized by the Wannacry ransomware, they needed:

1. At least one Windows workstation more than three months behind in its updates. Microsoft published a security update to nullify WannaCry and similar ransomware back in March. My predecessor intentionally suppressed Microsoft updates. I cleaned up that bad practice back in 2015. If we continued suppressing updates, Wannacry would have infected us.
2. Someone at that workstation clicked a link in a phishing message. This downloaded the worm and encrypted files on the network.
3. An old, unsupported operating system. Windows XP workstations did not receive a fix. Microsoft stopped supporting this OS years ago. Why someone is running an old, unprotected OS…is tough to justify.

Network admins could have avoided this. I feel sorry for those network admins. I am sure the boss called them and asked why their security practices are so weak.

Where is your vulnerability?

Does your network admin protect you from Wannacry and other ransomware attacks? Let me ask:

1. Microsoft Update status current?
2. Running Windows 10, Microsoft’s most recent workstation operating system?
3. You and your staff vet e-mail links and therefore avoid naively clicking links?

I hope the answer on all is YES! If you’re not sure, you need to hire a third party, like Cameron Park Computer Services. We verify your updates and also deliver security awareness training. Check back here often. This is what we do. Wannacry did not infect any of our clients.