UPDATED May 2017: WannaCry Crypto Ransomware | Latest issues affecting organisations such as the NHS

As some of you will have heard, some major organisations such as the NHS were affected by computer Ransomware on Friday (12/05/2017).

What we know so far, and our advice:

– The main computers affected are those running older Operating Systems such as Windows XP (as Microsoft stopped releasing security updates for this product)

– A Windows Update was released back in March (for newer Operating Systems) to prevent this particular strain. If your computer has had recent Windows Updates applied to it, you are patched against this strain

– If in doubt, run Windows Update on your computer, and download and install any available updates

– Ensure your Anti-Virus software is up-to-date

– It’s spread via email. Never open email attachments or click on links in emails which you suspect might not be genuine; just delete the email

– If you accidentally delete a genuine email, the worst that will happen is that someone will no doubt call you about it

– If you have anything appear on your computer telling you that your files are encrypted, shut down your computer immediately to stop it spreading

Overall our advice remains the same as per the previous incidents of Ransomware – simply delete any email you’re unsure of and keep your computers up-to-date


UPDATED Late December 2016: Crypto Ransomware | It could lock you out of all your company data…

Crypto Ransomware is designed to download a program onto your computer, which then makes all of your files inaccessible.

It will then ask you to pay a ransom, normally using Bitcoin, to get your files back (never pay the ransom…)

Crypto Ransomware is spread by email, using dodgy email attachments which make out they are invoices or letters.

It mostly comes in an email from someone you don’t know, and the email will have a generic subject to it, such as:

UPDATED Early December 2016 – A new strain is doing the rounds, via email, the details are:

  • It appears to be from office@YOURCOMPANY (e.g office@
  • It appears to be sent from a scanner/photocopier
  • It says your documents are attached which are a zip file or PDF



UPDATED October 2016 – Here are the latest email subject(s) for the .SHIT Crypto Ransomware:

  • Complaint letter


UPDATED August 2016 – Email subject(s) used for Crypto and Zepto:

  • Scanned image
  • Invoices
  • Statements
  • Emailing:
  • Copy:
  • Attached:
  • File:
  • Scan:
  • Scanned:

Don’t open the email or the attachment!

People make the mistake of opening the attachment, and that’s when all hell breaks loose. A slightly different one that we’ve seen is when the email claims to be from a bank or supplier, asking you to check the statement which is attached as a zip file or DOCM document. Again the lesson here is, if you don’t recognise it and you aren’t expecting it, DELETE IT! We’ve noticed you’re more likely to get one of these emails sent to a generic email address such as info@ or enquiries@ than a personal email address.
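The warning signs listed above can also be checked automatically before a message reaches anyone's inbox. The following is an added example, not part of the original article: a small triage function that applies the article's subject lines, attachment types and sender/recipient patterns to a raw message. The domain `example.test`, the sample message and the function name are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Indicators taken from the article's lists; matching is case-insensitive.
SUBJECT_HINTS = ("complaint letter", "scanned image", "invoices", "statements",
                 "emailing:", "copy:", "attached:", "file:", "scan:", "scanned:")
RISKY_EXTENSIONS = (".zip", ".docm")
GENERIC_MAILBOXES = ("info", "enquiries")

# Constructed sample message (not a real capture); the attachment body is a placeholder.
SAMPLE = """\
From: office@example.test
To: info@example.test
Subject: Scanned image
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your documents are attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="scan_0001.zip"

placeholder bytes, not a real archive
--b1--
"""

def triage(raw_message, own_domain):
    """Return the reasons a raw message matches the lures the article describes."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject.startswith(SUBJECT_HINTS):
        reasons.append("generic subject")
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    if sender == "office@" + own_domain.lower():
        reasons.append("claims to be office@ own domain")
    recipient = parseaddr(str(msg["To"] or ""))[1].lower()
    if recipient.split("@")[0] in GENERIC_MAILBOXES:
        reasons.append("sent to generic mailbox")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("attachment " + name)
    return reasons

if __name__ == "__main__":
    print(triage(SAMPLE, "example.test"))
```

A message that returns several reasons at once is a good candidate for quarantine rather than delivery; a single match (for example, any zip attachment) will also catch genuine mail.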


What it does to your files:

If you do open the attached files, you are allowing a program to run on your computer which will start locking you out of all the files on your computer, and on any network servers that you may have access to. It will rename your files, adding something like .zepto / .crypto / .locky / .shit on the end, and the only way of getting the files back (apart from a backup, we’ll get to that…) is to pay a ransom and hope they might be reverted back…

What to do if you find a Crypto file on your computer:

If you ever find what appears to be a Crypto file on your computer you should immediately turn it off and then contact your IT team / provider for assistance. The longer you leave your computer on, the worse the damage will become.

Why doesn’t my Anti-Virus software stop it?

It bypasses your Anti-Virus software because it simply encrypts your data. Encryption is perfectly legit… as long as you know the password to un-encrypt the data again. As I’m sure you can guess, this holds you to ransom and makes you pay to obtain the password.

However some strains can be picked up and stopped by Anti-Virus software, so ensure your Anti-Virus software is up-to-date.

Recovering from a Crypto style outbreak:

As mentioned above, there is no way of simply ‘undoing’ the changes, but any good IT provider will be able to help you with:

  • Rolling back your data from an onsite backup
  • Rolling back your data from an offsite backup
  • Rolling back your entire system to a point before the problem

Generally, even with the right backups in place, you will still have a number of hours’ disruption whilst the magic is carried out and restoration takes place – but this is much better than days/weeks/not getting your data back at all.
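When deciding how far to roll back, it helps to know which folders were hit and roughly when the first file was renamed. The following is an added example, not part of the original article: it assumes it is run by your IT provider from a clean machine against the affected share, and uses only the file extensions named above (other strains use different ones).

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Extensions named in the article; this list is not exhaustive.
RANSOM_EXTENSIONS = (".zepto", ".crypto", ".locky", ".shit")

def scan_for_encrypted(root):
    """Walk root and summarise files carrying one of the listed extensions.

    Returns (Counter of hits per directory, earliest modification time as a
    UTC datetime, or None if nothing was found). The modification time is
    only an approximation of when the file was encrypted.
    """
    per_dir = Counter()
    earliest = None
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(RANSOM_EXTENSIONS):
                continue
            per_dir[dirpath] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; still counted above
            if earliest is None or mtime < earliest:
                earliest = mtime
    when = None
    if earliest is not None:
        when = datetime.fromtimestamp(earliest, timezone.utc)
    return per_dir, when

if __name__ == "__main__":
    hits, first_seen = scan_for_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, count in hits.most_common():
        print(f"{count:6d}  {folder}")
    print("Earliest affected file modified (UTC):", first_seen)
```

Pick a backup or restore point taken before the earliest time reported, and restore the folders with hits first.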


This article was written by Gavin Moorhouse, owner of Lucid Computer Solutions, based in Redditch, Worcestershire. They don’t open emails they don’t recognise.