In mid-May 2017, workers around the world logged into their Windows computers and didn’t see a friendly Windows login. They saw a large red box that claimed all the computer’s information — from vital business documents to any personal files — had been encrypted and couldn’t be recovered unless the user paid a $300 or more ransom.
Welcome to the world of ransomware, a special type of malicious software (malware) that holds a computer hostage until payment is made. Ransomware has been around for many years, but it wasn’t until 2017 that a ransomware attack rolled out on the worldwide stage.
The May malware attack, named WannaCry, took advantage of a weakness in Windows XP and some other discontinued but still widely used Windows operating systems. WannaCry infected more than 230,000 computers in 150 countries, affecting Russia, Ukraine, India, and Taiwan the hardest. The worst-hit organizations were the British National Health Service (which had to reschedule appointments and redirect patients to uninfected facilities), FedEx, Germany’s Deutsche Bahn and Spain’s Telefonica.
Why did WannaCry spread so easily? Hackers knew the exploit was out there. The U.S. National Security Agency knew about the weakness but never publicized it; however, many of its files were hacked and leaked onto the internet in early 2017.
Elliptic, a company that tracks Bitcoin spending, estimates that $121,000+ has been paid in ransom in its first week. Bitcoin is a type of digital currency that does not require a central bank.
Today, WannaCry has all but disappeared — but the threat of a new ransomware attack is still out there. Here are some tips to reduce the risk of being the next victim:
Update, Update, Update
As the WannaCry victims discovered, outdated software can expose you to many kinds of malware, including ransomware. Your organization’s IT professionals must remain abreast of all the latest operating system updates and patches, and should be quick to roll out changes as soon as they are available and have been tested. The latest Microsoft operating system, Windows 10, is continually updated to reflect the latest malware threats. If you want to see if you’re running the most updated version of your operating system:
- In Windows, enable the autoupdate option in Settings
- On MacOS, go to “About this Mac” under the Apple menu and click on “Software Update…”
While no ransomware has yet been reported on iPhones and Android mobile devices, make a habit of updating that software as well.
Watch Out for Downloads
Most malware appears to be transmitted through viruses — malware that, once open on someone’s computer, copies itself and then spreads to other computers. One of the easiest ways for hackers to get malware on your computer is through malicious emails that ask you to download and run a file.
Be suspicious of any email with an unexpected attachment. These emails might come from coworkers or friends, so don’t fall into the trap of trusting the message because you trust the sender. If you’re not sure about an email attachment, contact the sender and ask if they meant to send the file.
Microsoft Office (Word, Excel, PowerPoint) files can also carry viruses, so be cautious with those attachments as well. The only files that are absolutely safe to open are text files, which have a .txt extension.
If you’re in IT for your organization, now is the time to emphasize proper training for all employees. You should give your staff the tools and confidence to sniff out bad attachments.
Back It Up
In a worst-case scenario, your computer is infected with ransomware and the cost is too high to pay. At this time, one of your solutions might be to completely restore your computer from a backup. This will only work, however, if you make frequent backups. Both Windows and OSX have built-in backup software. Cloud-based solutions, such as Carbonite and Crashplan, are a popular option.
For more advice on how to keep yourself safe from cyber attacks, check out this article for further reading.