The Ransomware Attack Isn’t Over yet – Here’s How to Protect Yourself
If your computer is running Microsoft Windows, you need to follow these steps immediately.
Here’s why: If you have not heard, hackers used a vulnerability in the older Microsoft Windows servers so that in the Friday to carry out a large-scale global cyber attacks with extortion – malicious software that keeps your computer hostage for ransom – and hacking tools stolen from the National Security Agency United States (NSA). The massive attack denied victims access to their computers, promising to regain access if $ 300 was paid in digital currency with bitcoins, and threatening to destroy files if the ransom was not paid.
To date, at least 200,000 computers have been infected in more than 150 countries , affecting everyone from businesses and governments to academic institutions, hospitals and ordinary people.
How it works
A malicious program that “ spreads like a worm ” is transmitted through a phishing email containing a compressed encrypted file. Because the file is encrypted, security systems do not identify the ransomware called Wanna Decryptor until it is downloaded. Wanna Decryptor, the next-generation version of WannaCry ransomware, gains access to a specific device after downloading a file with malware: it then encrypts the data, locks the system and demands a ransom.
Ransomware usually doesn’t work that fast. But thanks to a stolen NSA cyber weapon called EternalBlue, which was leaked last month by a hacker group known as the “Shadow Brokers”, the malware quickly spread, exploiting a security breach in Microsoft Windows servers.
What users need to do
Simply put: make sure your Microsoft Windows server has the latest version. In mid-March, Microsoft released a patch to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who are not applied a software update, were and remain vulnerable to a hack.
In light of the attack, Microsoft has released patches to protect older versions of Windows that “no longer receive mainstream support” from the company, such as Windows XP, Windows 8, and Windows Server 2003. The ones that run on Windows 10 are fine as their software not vulnerable to this cyberattack. Potentially affected devices include Windows 7 and Windows Server 2008 and earlier operating systems.
Microsoft recommends that customers upgrade to Windows 10 and install security update MS17-010 . With update 1.243.297.0, Windows Defender Antivirus detects malware as Ransom: Win32 / WannaCrypt. The company also recommends Device Guard for enterprises and Office 365 Advanced Threat Protection for blocking emails containing malware.
The American Computer Emergency Preparedness Group (CERT) has released guidelines on how users can best protect themselves from the recent WannaCry ransomware threat. In addition to “being extra careful with compressed or zip file attachments,” CERT recommends that you exercise caution when directly clicking on links in an email, even if the sender is someone you know. They suggest trying to check web addresses yourself.
What happens if you don’t take protective measures?
Even if you do not actively download a file from a phishing email, your device may be in danger – ransomware also spreads through file-sharing systems on the network. Microsoft explains that the ransomware worm-like functions infect “unpatched Windows machines on the local network” and “conduct bulk scans of IP addresses on the Internet to find and infect other vulnerable computers.”
On infected devices, the desktop background image is replaced with a message urging the user to follow the instructions until it reaches the ransom screen. There are two timers here: one shows the amount of time remaining until the files are deleted, and the second shows the time until the ransom increases from $ 300.
At this stage, people have two options: pay and hope their device is repaired, or part with the contents of their computer. The US government recommends not paying the ransom because the allocation of money does not mean that the data will be recovered, and a concession to cybercriminals could encourage further attacks. But easier said than done when your own files have been stolen.
Didn’t the extortionists stop?
On Friday night, the outbreak was slowed down by the inadvertent discovery of a ” kill switch ” located in the malware’s code. The discovery was made by a British cybersecurity researcher who only identifies as MalwareTech .
While this stopped the spread of malware, the attackers can easily modify the code to get the case back on track. Two new types of malware have been discovered since Friday. Thus, people need to protect their computers.
How common is ransomware?
More often than you think . NPR reports that 40% of spam in the past year contained ransomware attachments. And the ransomware industry is growing. In 2015, victims of ransomware said their total annual costs (e.g., ransom, tech support, security software) were $ 24 million, Reuters reported last year. In just the first three months of 2016, reported expenses have already reached $ 209 million.
General sound advice: regularly back up your files remotely . This way, you never have to succumb to a ransomware request if and when your device gets jailbroken. And of course, always keep your computer software up to date.