Last week, a massive ransomware attack using stolen NSA hacking tools disabled an estimated 200,000 computers in more than 150 countries. The ransomware, known as WannaCry, severely affected organizations around the globe, including FedEx, the British National Health Service, car makers Renault and Nissan, and the Russian Interior Ministry.
Like other ransomware, WannaCry encrypts files on the infected computers, making these files inaccessible, and only releases the code to unencrypt the files when the user pays a $300 bitcoin ransom. It’s unknown how many companies have paid or plan to pay the ransom, but with critical data like patient records on the line and production lines shut down, companies have often chosen to pay up rather than lose those records forever.
What is, perhaps, most disappointing with this most recent attack is that it was 100% preventable. All the infected machines were running outdated versions of Windows XP or Vista that are no longer being supported by Microsoft. The risks of continuing to use these versions of Windows were well known (and we warned of the need to stop using XP back in 2014), yet organizations failed to take prudent measures to keep their systems up to date. Now they, and in many cases “we”, as customers and clients, are paying the price.
The good news here, to the extent there is good news, is that protecting ourselves against ransomware like Wanna Cry is not difficult. If you follow these simple steps, you should be safe from ransomware and most other cyber threats likely to come your way.
1. Keep your system up to date
If you are running Windows XP or Vista, you should immediately update your system to Windows 10 or buy a new computer. As we warned back in 2014, Microsoft is no longer supporting these ancient versions of Windows and continuing to use then makes you a prime target for cyber-attacks. And even an entry model $500 computer that will be far more powerful than your current XP one.
For those using Windows 7 and newer, make sure that you have Automatic Updates enabled so new security patches get installed as soon as they are available. These versions of Windows had already been patched by Microsoft to specifically prevent these types of ransomware attacks.
2. Use a reliable antimalware program
While antimalware programs can’t defend against every attack, they can prevent the vast majority of commonly-found malware from infecting your computer. And when new malware is discovered, antimalware providers quickly distribute updates to block it. We recommended Kaspersky in our latest analysis of the best antimalware solutions, though Bitdefender and Norton are also excellent options. And antimalware isn’t just for Windows users. Ransomware has been discovered for Macs, too.
3. Back up your data – no, really back up your data
It’s important to back up your data for a number of reasons; and the threat of ransomware is definitely one of them. But it’s not enough just to back up to an external hard drive, or even to the cloud. Many ransomware programs are specifically designed to search out backup devices, even across your network and cloud storage, encrypting everything in its path. To protect yourself, you either have to make regular backups to an external hard drive, which you then detach from your system after the backup (a pain to manage), or use a cloud service that provides automatic versioning so that if the most recent versions are encrypted, you can still recover from earlier versions. We’ve always been fans of Dropbox, which offers a 1TB storage plan for around $100 per year.
4. Keep your browser and plug-ins up to date
Some malware, including ransomware, can be delivered via “drive-by” infections. Taking advantage of vulnerabilities in common browser plugins, like Flash or Java, simply visiting a compromised site, or even viewing a malicious ad on an otherwise safe site, is all it takes for the malware to take hold. So in addition to keeping your operating system up to date, it’s just as important to keep your browser and its associated plug-ins up to date.
5. Avoid ransomware in the first place
The Wanna Cry ransomware was spread by email through an encrypted zip file attachment. You click on the attachment and unzip the file and all your precious files are now toast. This common social engineering trick has been around for years and, despite repeated warnings not to click on unknown email attachments, it’s still as effective as ever, as evidenced by the immense global success of the latest Wanna Cry attack.
DON’T BE THAT PERSON. Don’t click on or open files in email unless you know exactly what they are. Since sender names can be spoofed, simply seeing that the sender is a friend, relative or colleague is not enough. If in doubt, contact them directly to confirm that they sent you the file before you start clicking. And that goes for links, too, that may send you to infected websites (see #4 above).
[Image credit: ransomware concept via BigStockPhoto]