The recent global ransomware outbreak has revealed the devastation such cyberattacks can cause.
The ransomware is known as WanaCrypt0r, WeCry, WanaCryptor or WeCrypt0r and targets a weakness in Microsoft’s Windows operating systems. The software vulnerability was first discovered by the NSA and then stolen by a group of hackers known as the Shadow Brokers, according to this Guardian story.
The damage was fast and furious; hospitals across England were affected, as well as Telefonica, a telecommunications giant in Spain.
“Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices,” according to this USA Today story.
If you’re running Microsoft 10 and you installed the security update released in March, you don’t need to worry about this attack. The vulnerability the attackers are exploiting was patched in that update. But if you’re running an older version of Microsoft, you have some work to do.
“For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010,” according to a Microsoft blog post published May 12, 2017.
While prior to this attack Microsoft’s policy was to no longer provide security patches for previous (commonly used) Windows versions like Windows XP, Windows 8 and Windows Server 2003, Microsoft broke its own rules in hopes of keeping users safe by releasing free security updates for those out of support versions. You can download them here.
The blog furthers warns that “Some of the observed attacks use common phishing tactics, including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources.”
So what else can you do to protect yourself from both this malware as well as future attacks?
“As an additional ‘defense-in-depth’ measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected,” according to the Microsoft blog.
Are You a Victim?
If you are a victim of ransomware, check out nomoreransom.org, a site that’s been around for less than a year but is backed by security firms and cybersecurity organizations around the world. First things first, should you pay up?
“The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return,” according to nomoreransom.org.
You can upload one of the files encrypted by the ransomware and the site will tell you if it has a solution in place to unlock your files for free.
There’s also a specific prevention advice section for Wannacry on the site.
As always, don’t forget to:
- Back-up your data.
- Install operating system updates as soon as you are prompted. Take. The. Time.
- Install anti-malware or anti-virus programs.
- Take care when installing new programs. Make sure you only install programs you search out, not anything that comes to you.
- Don’t download or open a file that arrives in an email or instant message that you weren’t expecting. When in doubt, contact the sender to see if they really initiated contact.
- Be sure to trash programs you don’t use (or regularly update) anymore.
For other recommendations, visit bleepingcomputer’s “How to Protect and Harden a Computer against Ransomware.” It’s in-depth, which is just what’s needed.
Are you covered for identity theft?