Ransomware attacks have been all over the news lately. The WannaCry variant spread panic across the globe in May, infecting hundreds of thousands of computers in over 150 countries. It was especially devious in the way it spread, like a worm through entire networks.
Another attack dubbed GoldenEye started infecting computers worldwide Tuesday. This latest "ransomware" attack might not be an actual ransomware attack at all, just a smoke-screen to hide the real cyberattack behind the scenes.
What's really going on with GoldenEye
GoldenEye, this current version of Petya ransomware that victimized thousands of computers yesterday, may not have been designed as a for-profit attack but rather as a way to destroy files with ransomware as cover. Security researchers are even calling it a "wiper" attack with no real intent of file recovery.
Victims hit with GoldenEye would see a ransom message appear on their screen. It demanded payment for the return of access to their files.
Image: Example of GoldenEye ransom note. (Source: Twitter)
Victims of this attack, who actually paid the ransom, are not getting their files back. The email address that victims are told to send payment to has been blocked by the German firm, Posteo, that operates it. Meaning people can't email the address and the cybercriminals behind the attack are not able to access it.
Not only that, but after further analysis of the ransomware code, researchers say the cybercriminals had no intention of returning the files. The virus was actually designed to wipe computers outright. Security researcher Matt Suiche wrote on his blog, "We can see the current version of Petya clearly got rewritten to be a wiper and not actual ransomware."
The Petya virus was originally designed to be true ransomware. This latest variant appears to just be a disguise to either hide who is behind it or another attack that could be on the way. We recently told you about the next big cyberattack that the world is not ready for.
The FBI has been warning victims of ransomware for quite some time NOT to pay the ransom. Even if you pay it there is no guarantee that you will get your files back. This incident just confirms that.
With so many cyberattacks making the rounds, you really need to be prepared. Keep reading for suggestions on how to handle ransomware attacks.
How to defend against ransomware
The best way to defend against a ransomware attack is to take precautionary steps. Here are suggestions that will help:
- Back up data regularly - this is the best way to recover your critical data if your computer is infected with ransomware.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Never open risky links in emails - don't open attachments from unsolicited emails, it could be a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails. Can you spot one? Take our phishing IQ test to find out.
- Have strong security software - this will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. It's the best way to recover your files without paying a ransom.
We recommend using our sponsor IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Go to IDrive.com and use promo code Kim to receive an exclusive offer.