Receiving a Wannacry Ransomware alert
Last updated: July 27, 2017
We have been alerted that one or more of your devices has become infected with WannaCry ransomware, a type of malicious software that encrypts all the information held on your device and demands a ransom payment in order for the files to be unencrypted.
A device running on your home network has been identified as communicating with criminal infrastructure associated with the WannaCry malware. This means a device on your network is very likely to be infected.
When we suspect that a customer of ours has become infected with ransomware we will send them an alert giving an overview of the ransomware and advice on what to do next.
What has happened?
Virgin Media and its network are not impacted by the ransomware attack.
We work with a number of not-for-profit organisations across the banking industry and security sectors that collate information on devices across the Internet that appear to be infected by malware. They have notified us that a device on your home Internet connection (or one connected to your home network) is infected with malware.
It is therefore important that you follow the advice in this article.
What can I do about it?
We're here to help and if you have a basic knowledge of computers and connected devices there are a number of steps you can take to deal with this problem.
If a device on your network has already been encrypted by the ransomware, please follow the advice in Scenario 1. An encrypted device will display an on-screen prompt advising your files have been encrypted and can no longer be accessed.
Should none of your devices be showing signs of already being encrypted, it is crucial that you follow the advice in Scenario 2 immediately.
Scenario 1 – A device on my network has been encrypted Scenario 1 – A device on my network has been encrypted
If a device on your network is showing a display stating its files have been encrypted there is unfortunately a limited number of options available to you. We recommend you follow the advice in the article below, however please note this is generic advice and may not be specific to your infrastructure or setup. Please proceed with caution.****
- We don’t recommend you pay the ransom because not only will you will help the criminals get what they want but there is no guarantee that your files will be made accessible again. There is nothing stopping the criminals from taking your money and leaving your files in an inaccessible state
- Keep your important files in case a decrypting tool becomes available. Check nomoreransom.org* regularly to see if they have released
- If you have a backup of your system then restoring your system from backup should get things back to normal
For more information on ransomware and how you can protect yourself in future please visit nomoreransom.org*
Scenario 2 – None of my devices are displaying a WannaCry encryption screen Scenario 2 – None of my devices are displaying a WannaCry encryption screen
If none of your devices are displaying a WannaCry encryption screen we recommend you follow the advice below. Please note this is generic advice and may not be specific to your infrastructure or setup. Please proceed with caution.****
Perform a Windows Update
Keep your operating system and application software up-to-date. The WannaCry ransomware spreads using a vulnerability in outdated versions of the Windows operating system.
Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
Check to see if your device has a virus
The best way to do this is by using an online virus scanner, some good free ones are:
Use your Internet Security package to remove the virus
If you have an existing security package installed, please consult the instructions on how to remove infections from your device.
If you don't have an existing security package, F-Secure SAFE is included free of charge for 12 months with your Virgin Broadband and can be used on PC, Mac and Android devices to remove infections.**
You can register for F-Secure SAFE by signing into your account at virginmedia.com/myvirginmedia and going to My Apps. Once downloaded and installed it will immediately run a scan of your device.
Back up your important data
If you haven’t done so already, regularly backup all your information. If the data is stored elsewhere, it will be easier to restore in the case of a future ransomware attack.
Scenario 3 – I administer a network of Windows systems (Advanced) Scenario 3 – I administer a network of Windows systems (Advanced)
If you are a Windows system administrator with a number of systems vulnerable to this attack on your network, we recommend you read the advice below. Please note this is generic advice and may not be specific to your infrastructure or setup. Please proceed with caution.****
Deploy the relevant security patches on your Windows systems
The NCSC advise the following steps be performed in order to contain the propagation of this malware:
- Deploy patch MS17-010 here: technet.microsoft.com/en-us/library/security/ms17-010.aspx*
- A new patch has been made available for legacy platforms, and is available here: blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks*
- If it is not possible to apply this patch, disable SMBv1. There is guidance here: support.microsoft.com/en-us/help/2696547*
- and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]
If these steps are not possible, propagation can be prevented by shutting down vulnerable systems.
For more information see: ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance*
Change passwords for all your accounts
Once the malware has been removed, you should change the passwords for all the online and email accounts you use.
If any of your passwords were obtained by a malicious third party as a result of the malware infection, it is highly likely they attempted or will attempt to use the same passwords across as many websites and online services as possible, in the hope that the same passwords is used for other accounts you use online.
When changing your passwords, it is important that you use different passwords for all your online accounts and pick strong passwords that are difficult to guess. For more information, please visit virginmedia.com/strongpassword.
Activate Web Safe
In order to avoid future infections it is recommended that you turn on Virus Safe, which is available as part of our free Web Safe service which can be found within My Virgin Media. Web Safe will help you block access to web sites known to be infected or to distribute Malware. To access Web Safe just sign in to your account at virginmedia.com/myvirginmedia and select My Apps.
Check your contact email address
It is important to provide an up to date contact email address to enable us to advise you of any significant issues that may affect the use of your Virgin Media services. To update your contact email address simply sign in to your account at virginmedia.com/myvirginmedia and select My Profile.
How do I know I’m now safe?
If you have followed the above advice & the scans come back clean you can be confident that you have resolved the issue.
If you would like further advice or to verify that this letter is a genuine Virgin Media communication then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.
If you are unable to fix this issue yourself we advise that you seek the advice of our Gadget Rescue*** service or contact a reputable computer repair shop for a payable service to help secure your connection. For more information on how our Gadget Rescue service can help please call 0800 014 7398 or visit virginmedia.com/gadgetrescue.
Where can I find further information and advice?
You can find general security advice and articles on other vulnerabilities by checking Security Hub.
Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety. This is a unique resource providing practical advice on how to protect yourself, your computers and mobile devices against fraud, identity theft, viruses and many other problems encountered online - getsafeonline.org/*
* These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.
** F-Secure SAFE is included free of charge for 12 months with your Virgin Broadband. If you're happy when the year is up you can continue with F-Secure SAFE for just £7.50 every three months, or £25 for the year.
*** Minimum system requirements and Acceptable Use Policy apply. Gadget Rescue is available on a monthly subscription basis (6 month minimum term applies) or as a "One-Off Fix" service. Gadget Rescue terms and conditions apply.
**** These fixes are provided as a courtesy and we are not responsible for any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.