• United States



Contributing writer

Be wary of fake WannaCry fixes

May 23, 20173 mins

When the WannaCry malware hit, users scrambled for fixes. But some solutions were just malware in disguise

phishing threat
Credit: Thinkstock

When the WannaCry ransomware hit, many users were scrambling for fixes — but some of the proffered solutions were actually just more malware, in disguise.

Security experts recommend that companies stick with their existing security vendors and established update processes, and be careful about downloading fixes that they come across on the Internet.

“They’re really exploiting everyone’s fears,” said Adam Malone, director of cyber investigations and breach response at New York-based PwC.

Legitimate vendors aren’t going to send out alerts via viral social media posts, he said. And patches usually don’t require a download.

“They are typically provided through the vendor’s update software,” he said. “In this particular case, the patch is provided by Microsoft officially through its Windows update service.”

To get the patch, all users have to do is run their Windows Update program.

Similarly, antivirus vendors distribute new signatures automatically through software updates, he said.

“They are never distributed through a link or text message or social networking site,” he said.

And in those cases where a patch does need to be downloaded, or users opt to do manual update, they should be sure that they’re at the official vendor website, and not on some third-party site.

For example, Microsoft has released updates to older versions of its operating system, as well as to its Malicious Software Removal Tool, and posted the download links on this blog post.

Some scammers will even try to sell patches, said Cathie Brown, VP of governance, risk and compliance at Richmond, Vir.-based technology consulting firm Impact Makers, Inc.

“Whenever there’s a large scale hoax or malware attack released we see fake fixes,” she said. “Just like ransomware, it’s easy to code and spread a fake fix — it can quickly become profitable.”

Don’t fall for it.

“Any reputable security or computer company isn’t going to try and sell patches to malware vulnerabilities when you can get it free for Microsoft,” she said.

There were even apps popping up in third-party app stores offering WannaCry patches, said Damien Hugoo, director of product management at Doral, Fla.-based Easy Solutions, Inc.

“WannaCry doesn’t even affect mobile devices,” he added.

Cyber criminals running phishing attacks are also using WannaCry to get users to click on malicious links.

For example, in the UK, where the National health Service was hit hard by the virus, users received an email purporting to be from BT that asked them to click on a link to confirm a security upgrade.

Another phishing email pretended to come from LogMeIn, Inc., known for its GoToMeeting, GoToMyPC, LastPass and LogMeIn products. According to the company’s blog post, this email told users that they were already infected with WannaCry, and needed to update their LogMeIn software by clicking on a link that seemed to go to the official site. The return address showed “ Auto-Mailer” for the name — but had an actual return address that was a string of random characters.

Another scam is to send out a message that tells users that they’re infected and asks for money — but doesn’t actually infect their computers or encrypt their files. That means a lot less work for the bad guys.

“There’s a low cost to criminals to put those messages out there,” said PwC’s Malone.