PSA: Everything you want to know about the WannaCry ransomware

Cybersecurity is back in the news this week.

The WannaCry ransomware or crypto-virus has infected many computers around the world and highlighted that the threat of scams, viruses, trojans, worms and ransomware is very real and that you need to be forever vigilant to keep your systems and your data safe.

In this article I want to remind everyone of some easy and simple ways to keep yourself safe.

The story of the WannaCry ransomware is interesting as it starts with an exploit found when NSA hacking tools were leaked earlier this year. After the exploit was identified, Microsoft quickly patched it in all supported versions of Windows back in March 2017.

So all the computers running supported versions of Windows and kept up-to-date by Windows Update were safe even before the ransomware was released into the wild. The problem lies with those consumers and companies that are still running old versions of Windows, especially Windows XP, as well as companies and users that stop Windows Update from keeping their systems secure.

Enter the WannaCry ransomware, which spread like wildfire amongst unprotected machines, encrypting their data and documents and demanding a payment to recover the files, with deadlines after which the ransom increases and a threat to permanently delete the files.

The damage from the virus has been slowed now due to a security researcher, MalwareTech (@MalwareTechBlog), identifying that the virus called out to a specific internet domain. The domain was not registered, so he registered it and realised that the virus stopped activating if the domain was found. It still spreads, but does not encrypt the infected machine’s data. By accident, he stopped a global cyber attack (see How to Accidentally Stop a Global Cyber Attacks). Also, in an unprecedented move, Microsoft released Windows Updates for unsupported operating systems to fix the issue in Windows XP and Windows Server 2003.
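As an added illustration (not part of the original article): because infected machines still call out to the kill-switch domain, a DNS query log can point to hosts that need cleaning, and a failed lookup shows where the domain was not found and the kill switch gave no protection. The log format and the domain below are constructed placeholders; the article does not name the real domain.

```python
from collections import defaultdict

# Placeholder: the article does not name the kill-switch domain. Substitute
# the real value from a trusted advisory before use.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log. Assumed format: "<timestamp> <client> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-13T09:14:02Z 10.0.4.17 killswitch-placeholder.example. NOERROR
2017-05-13T09:14:05Z 10.0.4.22 www.example.org. NOERROR
2017-05-13T09:20:41Z 10.0.4.17 KILLSWITCH-PLACEHOLDER.EXAMPLE NOERROR
2017-05-13T10:02:10Z 10.0.7.3 killswitch-placeholder.example. NXDOMAIN
2017-05-13T10:05:00Z 10.0.7.9 notkillswitch-placeholder.example. NOERROR
malformed line
"""


def normalise(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: {count, first, last, unresolved}} for exact-name matches."""
    target = normalise(domain)
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "unresolved": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        timestamp, client, qname, rcode = fields
        if normalise(qname) != target:
            continue  # exact match only, so look-alike names are not flagged
        entry = hits[client]
        entry["count"] += 1
        entry["first"] = entry["first"] or timestamp
        entry["last"] = timestamp
        if rcode.upper() != "NOERROR":
            # Lookup failed, so the domain was not "found" from this host:
            # the kill switch would not have stopped encryption here.
            entry["unresolved"] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        state = "lookup FAILED, kill switch ineffective" if info["unresolved"] else "lookup resolved"
        print(client, info["count"], info["first"], info["last"], state)
```

Any client reported here should be treated as infected and patched or rebuilt, since the article notes the ransomware still spreads even when it does not encrypt.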

For a complete rundown, please have a read of the great blog article by Troy Hunt MVP. You might know of Troy from his great Have I Been Pwned site (see PSA: ';--have i been pwned).

So now you have some background on the issue, what can you do to stay safe? This is advice for companies as well as individuals:

  • Update your Operating Systems. Make sure you stay on a supported version of Windows, or even better on the latest version of Windows which is the most secure. In short, stop using Windows XP and get all your machines upgraded to Windows 10. For companies complaining about the costs of upgrades, what are the costs of losing all your data?
  • Make sure that Windows Update is running and keep your machines updated with the latest security patches and driver fixes.
  • Have an anti-virus installed and keep it up to date. I just use Windows Defender that comes with Windows. Sadly, anti-virus programs often cannot protect from these sorts of attacks.
  • Don’t open suspicious emails or open attachments. Most successful attacks and hacks in recent years have not been from viruses or trojans. They have been because users were tricked by phishing and social engineering scams into giving their credentials away on fake websites or executing malicious software.
  • Finally and most important…. BACKUP. You must have your data (photos, documents, music) backed up to an external drive that is not always connected to your machine. Better still use two or more drives and rotate them offsite. Cloud storage is good, but it is usually synchronized and so still at risk from ransomware, see Backups and Cloud Storage.

Just a side note, it is not always malicious software that is a problem. Last week I received a Facebook friend request… from someone who was already a friend. Looking at the profile, it had a profile picture but no more information, no other pictures, postings or history. I contacted this friend via phone and she said it was not her. This was a scammer spoofing my friend in an attempt to fool her friends. My friend’s account had not been hacked, her password was not cracked, her account was locked down to friends only. The scammer was still able to fool a number of people, until we reported the account and got it shut down. We posted on the real account to explain what was happening and warn friends and we changed the Facebook password as a precaution.

For more information see:

Keep safe. There are a lot of a#%@holes out there.

David

15-May-2017: Added link to Microsoft article brought to my notice by Beat Bucher, as well as other related articles.

16-May-2017: Updated details to describe how registering the domain name stops the ransomware from activating, but does not stop it spreading. Added more links from Microsoft.

This article was originally posted on http://www.winthropdc.com/blog.
