You don’t need to have a degree in computer science to understand the impact of a globally spread cyberattack.
Wreaking havoc in organizations in more than 150 countries, the aptly named WannaCryptor, popularly referred to as WannaCry, ransomware has spread like wildfire over the past week – but this threat can impact you, too, both personally and professionally – if you’re not protected.
Here we talk about what happened, how ransomware works, and what you can do to protect yourself from these kinds of serious threats.
So, what happened with WannaCryptor?
On Friday May 12th, 2017, WannaCryptor began to spread across the planet at unprecedented scale and speed, targeting a flaw found in the Microsoft Windows operating system.
ESET clients have reported as many as 66,566 attack attempts in just a few days, with almost half of them originating out of Russia.
Note: “attempts” is the operative word, here, as ESET had already detected (and reported on) attempts to exploit this Windows vulnerability as far back as April 25 – flagged by ESET as Win32/Filecoder.WannaCryptor.D – and thus protected its clients before this particular malware (“malicious software”) strain was even created.
Those hit by the attack, however, saw their files locked up on their PC, leaving only two accessible: the WannaCryptor.D malware itself and an instruction note on how to pay up before everything is deleted off the machine. Cybercriminals demanded many hundreds of dollars per victim, payable in tough-to-trace bitcoin payments.
How ransomware works
As with the case with WannaCryptor, ransomware is when cyberthieves try to extort money from you to unlock your device.
Ransomware can be spread in several different ways, be it spam that led to a phishing attack or via a so-called drive-by download, where a browser’s vulnerability is exploited should you visit specific malicious websites. You may even get a phone call from someone who claims they’ve detected an issue with your computer and they’re here to help (ironically, they’ll help you lock your device up).
Even if a victim pays the ransom to unfreeze the computer, there’s no guarantee the thieves won’t do it again – after all, they’ve paid once already.
If you get this extortion message, never pay the criminals to release your computer. Instead, try to restore your computer to a prior state using “System Restore” (type System Restore in the search window). If this doesn’t work, restart your computer in “Safe Mode” (usually by pressing F8 when booting up) and then run internet security software to remove the threat – which you should have on your machine already, of course.
How to fight it
You can protect yourself from ransomware in a handful of ways:
- Always backup your important files on a regular basis. You can use an external hard drive, USB thumbdrive or microSD card, cloud service, or even recordable discs, if you like.
- While it was too late for many, Microsoft did patch up this vulnerability. Be sure to update your Windows operating system as often as needed, which should be set to automatically do the task for you.
- Use a good computer security solution that protects your PC (and wallet) against viruses and spyware attacks, and be sure to have the definitions update automatically.
- Delete suspicious emails from your bank, internet service provider (ISP), credit card company, and so on, instead of clicking on the link that takes you to a phony site asking you for personal information.
- Never click on attachments you’re not expecting. Same goes for text messages on your smartphone. Hang up if you get an odd call from someone who claims they’re from your ISP or bank, and so on.
- Authors of ransomware also like to use pop-up windows that warn you of some kind of malware on your machine. Don’t click on the window – instead, close it with a keyboard command or by clicking on your taskbar.
by Marc Saltzman, ESET We Live Security