By JAMES DANIELS JR.
On Friday, May 12, the news was inundated with reports of a widespread cyberattack that was affecting companies all over the globe.
This cyberattack affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany, Britain and the United States. The cyberattack targeted hospitals, academic institutions, well-established companies and movie theaters.
This ransomware attack used a variant named WanaCryptor 2.0, commonly known as “WannaCry.” The variant used an exploit found in the Microsoft Windows operating system to infect machines and carry out its attack.
However, Microsoft is not to blame for the widespread attack. Actually, Microsoft had previously released a software patch to remove the exploit used for the assault, according to Kaspersky Lab. So, how did this attack spread to so many computers? It spread so rapidly due to companies and individual users not updating their Microsoft Windows computers with the latest security patches. Therefore, if more of these businesses and users had updated their Windows computers, the effects would not have been as widespread.
What is ransomware?
Ransomware is malicious software that takes control of your computer’s data files and holds them for ransom. The software can control the data files by encrypting the files and preventing access without the proper decryption key. This key can only be supplied once you pay the ransom amount via bitcoin.
Ransomware is downloaded via email attachments; hyperlinks inside emails that seemingly send you to legitimate websites; and clicks within popup windows that often advertise software products to remove malware. Without the knowledge of the user, the ransomware can lie dormant until the cybercriminal activates the malicious software.
More often than not, companies do not realize they have become a victim until users start to complain about being unable to access their documents and information. When this occurs, IT support typically finds the extensions of necessary files renamed with the ransomware variant. For example, WannaCry would rename file extensions to “.WNCRY.”
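A read-only check for the indicator described above, added here as an example and not part of the original article: it walks a folder tree, lists files carrying the “.WNCRY” extension, and reports how many files in each folder are affected. The function names and the sample folder layout are constructed for illustration, and the check assumes the ransomware extension is the last part of the filename.

```python
import os
import tempfile
from collections import Counter

# Extension named in the article; extend this tuple for other variants.
RANSOM_SUFFIXES = (".wncry",)

def scan_tree(root, suffixes=RANSOM_SUFFIXES):
    """Walk root and return (hits, per_dir): hits is a sorted list of
    affected paths, per_dir maps directory -> (affected, total) counts."""
    hits, per_dir = [], {}
    for dirpath, _dirs, files in os.walk(root):
        affected = [f for f in files if f.lower().endswith(suffixes)]
        if files:
            per_dir[dirpath] = (len(affected), len(files))
        hits.extend(os.path.join(dirpath, f) for f in affected)
    return sorted(hits), per_dir

def original_types(hits, suffixes=RANSOM_SUFFIXES):
    """Count the extension that precedes the ransomware suffix, e.g.
    'report.docx.WNCRY' -> '.docx', to show which file types were hit."""
    counts = Counter()
    for path in hits:
        name = os.path.basename(path)
        stem = next(name[:-len(s)] for s in suffixes if name.lower().endswith(s))
        counts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return counts

def build_sample(root):
    """Constructed sample tree: empty files only, all names are made up."""
    layout = {
        "docs": ["report.docx.WNCRY", "budget.xlsx.wncry", "notes.txt"],
        "photos": ["trip.jpg", "cat.png"],
        "scans": ["invoice.WNCRY"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for n in names:
            open(os.path.join(root, folder, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, per_dir = scan_tree(tmp)
        for d, (bad, total) in sorted(per_dir.items()):
            print(f"{os.path.relpath(d, tmp):8} {bad}/{total} files renamed")
        print(dict(original_types(hits)))
```

A folder where most files carry the extension while neighbouring folders are untouched suggests encryption was still in progress when the machine was disconnected.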
The rise in cybercriminals’ usage of ransomware is linked to the increased popularity of bitcoin. Bitcoin services are pseudonymous: there is no name or person associated with a bitcoin account, and ownership is established using a bitcoin address. This makes it difficult, if not impossible, to identify the account holders, creating the perfect currency for cybercriminals.
According to the FBI, in 2014 the cybercriminals behind the CryptoLocker ransom attack netted approximately 27 million in six months from companies and individuals whose data they locked. Kevin Haley, director of Symantec Security Response, stated ransomware attacks in that same year rose 113 percent over the previous year. The FBI predicted in 2016 ransomware payout would hit a billion dollars after first quarter numbers reached $209 million.
How to stay safe
Staying safe may be easier than you think. These are some steps that can be taken to ensure you are as safe as possible against the effects of malware-based attacks.
Update your software: Keep your Microsoft Windows operating system up-to-date with the latest security patches. This can be accomplished by configuring Windows computers to install the latest software updates automatically. This same philosophy applies to third-party software applications as well; those applications need to be kept up-to-date.
Install Antivirus Software: The installation of antivirus software can prevent malware from infecting your computer. However, the same update rule applies; you must keep the antivirus software up-to-date to ensure it blocks emerging malware threats. Finally, only install antivirus software from reputable vendors.
Create Backups of Data: It is always a good idea to back up your data in the event your computer dies or is lost. It is also a good idea to back up your data in case you get locked out. The backup will provide you a means to recover your information, by erasing the data on the affected computer and restoring it from your backup. To keep the integrity of the backup data, you should unplug it from the computer once the backup is complete.
Be cautious of emails and popups: When reviewing email, if you do not recognize the sender of an email or if you receive an unexpected email, be careful when clicking on attachments or links within the email. Phishing emails are designed to look legitimate; therefore, it is important to pay attention to the email address of the sender. Always look for grammatical errors or typos within the email. Also, hover over the links in the email, but don’t click on them, to see if they direct you to a legitimate web address. Finally, remember requests from service providers, banks, or government entities will not ask for sensitive information via email.
What to do if already compromised
If you have become the victim of ransomware, the best thing to do is disconnect your computer from your Internet connection so that you don’t infect other devices connected to your network. The next step would be to contact law enforcement and report the crime, then contact a technology professional to determine your options for recovery.
In extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, said Chris Wysopal, the chief technology officer of Veracode, an application security company. Yet he acknowledged that paying the ransom continues to perpetuate the ransomware cycle.
James Daniels Jr. is an instructor in the Information Technology Department for the Accelerated Degree Program at Lindenwood University-Belleville. He also is the owner of FusionPoint Technologies, a managed IT services provider.