Here’s how you can avoid becoming a ransomware victim
By JAMES DANIELS JR.
On Friday, May 12, the news was inundated with reports of a widespread cyberattack that was affecting companies all over the globe.
This cyberattack affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany, Britain and the United States. The cyberattack targeted hospitals, academic institutions, well-established companies and movie theaters.
This ransomware attack used a variant named WanaCryptor 2.0 commonly known as “WannaCry.” The variant used an exploit found in Microsoft Windows operating system software to infect machines and carry out its attack.
However, Microsoft is not to blame for the widespread attack. Actually, Microsoft had previously released a software patch to remove the exploit used for the assault, according to Kaspersky Lab. So, how did this attack spread to so many computers? It spread so rapidly due to companies and individual users not updating their Microsoft Windows computers with the latest security patches. Therefore, if more of these businesses and users had updated their Windows computers, the effects would not have been as widespread.
What is ransomware?
Ransomware is malicious software that takes control of your computer’s data files and holds them for ransom. The software can control the data files by encrypting the files and preventing access without the proper decryption key. This key can only be supplied once you pay the ransom amount via bitcoin.
The ransomware malware is downloaded via an email attachment; hyperlinks inside emails that seemly send you to legitimate websites; and clicking within popup windows that often advertise software products to remove malware. Without the knowledge of the user, the ransomware can lie dormant until the cybercriminal activates the malicious software.
More often than not companies do not realize they have become a victim until users start to complain about inability to access their documents and information. When this occurs, IT support typically finds the extensions of necessary files renamed with the ransomware variant. For example, WannaCry would rename file extensions to “.WNCRY”
The rise in cybercriminals’ usage of ransomware is linked to the increase popularity of bitcoin. The bitcoin services are pseudonymous; there is no name or person associated with the bitcoin account, ownership is established using a bitcoin address. This makes it difficult if not impossible to identify the account holders; creating the perfect currency for cybercriminals.
According to the FBI, in 2014 the cybercriminals behind the CryptoLocker ransom attack netted approximately 27 million in six months from companies and individuals whose data they locked. Kevin Haley, director of Symantec Security Response, stated ransomware attacks in that same year rose 113 percent over the previous year. The FBI predicted in 2016 ransomware payout would hit a billion dollars after first quarter numbers reached $209 million.
How to stay safe
Staying safe may be easier than you think. These are some steps that can be taken to ensure you are as safe as possible against the effects of malware-based attacks.
Update your software: Keep your Microsoft Windows operating system up-to-date with the latest security patches. This can be accomplished by configuring Windows computers to install the latest software updates automatically. This same philosophy applies to 3rd party software application as well; those applications need to be kept up-to-date.
Install Antivirus Software:
The installation of antivirus software can prevent malware from infecting your computer. However, the same update rule apply; you must keep the antivirus software up-to-date to ensure it blocks emerging malware threats. Finally, only antivirus software from reputable vendors.
Create Backups of Data: It is always a good idea to back up your data in the event your computer dies or is lost. It is also a good idea to backup your data, in case you get locked out. The backup will provide you a means to recover your information, by erasing the data on the affected computer and restoring it from your backup. To keep the integrity of the backup data, you should unplug it from the computer once the backup is complete.
Be cautious of emails and popups:
When reviewing email, if you do not recognize the sender of an email or if you receive an unexpected email be careful when clicking on attachments or links within the email. Phishing emails are designed to look legitimate; therefore it is important to pay attention to the email address of the sender. Always look for grammatical errors or typos within the email. Also, hover over the link in the email but don’t click on them, to see if they direct you to a legitimate web address. Finally, remember requests from service providers, banks, or government entities will not ask for sensitive information via email.
What to do if already compromised
If you have become the victim of ransomware, the best thing to do is disconnect your computer from your Internet connection so that you don’t infect other devices connected to your network. The next step would be to contact law enforcement and report the crime, then contact a technology professional to determine your options for recovery.
In extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, said Chris Wysopal, the chief technology officer of Veracode, an application security company. Yet he acknowledged that by paying the ransom it continues to perpetuate the ransomware cycle.
James Daniels Jr. is an instructor in the Information Technology Department for the Accelerated Degree Program at Lindenwood University-Belleville. He also is the owner of FusionPoint Technologies, a managed IT services provider.
Personal experience triggers IBJ column
I was recently hit with a computer scam. Suddenly, a box popped up on my screen that purported to be from Microsoft. It said that I was the victim of a Trojan Backdoor Hijack; my computer had been infected; it was transmitting my credit card information; and Microsoft had locked my computer for my own protection. It instructed me not to close the box but to call a phone number where agents would be able to solve my problem, delete the virus and return control of my computer to me.
I went to my other computer and researched the Trojan Backdoor Hijack-Zeus virus and discovered that it’s been around for a couple of years. You can find simple instructions on line to safely close it out but, if you call the number, they charge you $500 to do it for you.
Since then, we’ve all seen the reports of the WannaCry ransomware virus that was blasted out across the globe. Big ones like WannaCry get lots of press attention but, unless you subscribe to computer geek magazines like PC World, PC Magazine or Computer World you will never hear of 99 percent of them.
All of our businesses — even the little mom and pops — run on computers: tracking customers and inventory, creating invoices and receiving payments, making deposits and paying bills.
And the bad guys are getting badder. It used to be computer geeks getting their kicks just seeing what they could do. Now it’s high crime and the perpetrators are spread around the globe. There are virtually millions of new malware programs being launched each year. Microsoft systems are the target 99 percent of the time. If you’re computer runs on Microsoft software, you are in the crosshairs.
It made me think that it would be a great service to the nearly 19,000 businesses, organizations, governments and agencies that receive our newspaper and also make for interesting reading, if we would create a new, regular feature focusing on computer news, viruses and scams so we can let you know what’s going around; what to look out for; and what to do if it happens to you.
We turned to one of our universities for help — Lindenwood-Belleville — and have enlisted James Daniels, Jr., an instructor in the Information Technology Department for the Accelerated Degree Program. He also is the owner of FusionPoint Technologies, a managed IT services provider. James’ column will be a regular feature of the Illinois Business Journal. I hope you find it helpful and informative.
– ALAN ORTBALS
Interior designer joins Louer firm
COLLINSVILLE – Jamison Guithues has joined Louer Facility Planning, Inc. as an interior designer.
An honors graduate of the International Academy of Design and Technology in Chicago, Guithues’ experience and expertise includes sustainable design, computer-aided design and project management. She is a Granite City resident.