On Friday, May 12, the largest ransomware attack ever recorded began making headlines. What started with one unwitting computer user in Europe soon spread to more than 200,000 machines worldwide - ultimately affecting Windows computers in over 150 countries, including South Korea, Germany, China, Japan and Britain.
This new strain of ransomware, called WannaCry or WanaCrypt0r 2.0, was unlike anything seen before. By convincing someone to open an email attachment with a compressed zip folder, hackers were able to unleash WannaCry to the world. And stopping it seemed nearly impossible. Were it not for a random kill switch discovered in the code, the results of WannaCry would have been even more devastating.
In less than 24 hours, WannaCry was able to exploit a security loophole in Windows computers called "EternalBlue" that allowed it to scramble hard drives at banks, oil companies, hospitals, automakers and even high-profile companies such as FedEx.
What allowed WannaCry to spread so quickly was that the code deployed a worm that crawled through the network and spread itself from one vulnerable computer to the next.
Another attack is coming
Hearing about all the damage WannaCry successfully caused makes what we're about to tell you even more frightening: That is, researchers now believe the WannaCry ransomware attack was created by amateurs. Or, at least that it was launched accidentally, prior to perfecting the code.
A plethora of inexplicable errors has been baffling the cybersecurity community ever since the kill switch was found. In fact, the kill switch itself, as well as broken code that complicated or restricted ransom payments, shows just how likely it is that WannaCry was not released by cybercriminal professionals.
All blunders aside, WannaCry successfully earned over $55,000 from those who paid the ransom. But the possibility of another attack now has everyone worried. New versions of WannaCry are already popping up, and if the right hacker were to improve the code, the next attack would be even stronger.
Fight back against ransomware
Although WannaCry primarily impacted large-scale corporations, it's important to point out that it started by infecting a single computer. When the next wave strikes, you don't want to be the one who falls victim. Whether you just own a few computers, or run a small business, you need to follow these steps to ensure you're protected.
1. Install Microsoft's patch and system updates
Microsoft knew of the EternalBlue vulnerability months ago and sent a patch for it in a Security Update back in March. Since EternalBlue is the flaw being exploited by WannaCry ransomware, it is CRITICAL to make sure your Windows operating system is up to date. The specific update you're looking for is MS17-010. To get this patch, simply run a software update on your PC.
To update Windows 10 follow these steps:
- On Windows 10, click Start (Windows logo).
- Choose Settings.
- Select Update & Security.
- Then on the Windows Update section, click on Advanced Options. (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.)
- Under Advanced Options, just make sure the drop-down box is set to Automatic.
To update Windows 7 follow these steps:
- Click the Start menu button.
- Click All Programs.
- Scroll through the list and click Windows Update. The Windows Update window will open.
- Click Check for Updates.
- Click Install Updates.
To update other versions of Windows:
Unfortunately, some older versions of Windows operating systems are no longer supported and cannot install this critical Security Update. But the good news is that Microsoft released an emergency patch specifically for WannaCry because the virus is spreading so widely.
This means, if you are running Windows XP, Windows 8 or Windows Server 2003, you'll need a different patch. Click here to download the available Security Update for these older Windows versions.
2. Back up your data
Typically, we'd recommend that you install strong antivirus software on your computer. But the truth is, in instances such as this, many antivirus programs fail to catch the virus.
It's still best to have an antivirus installed; however, you also need to back up all of the data on each of your devices. This way, if ransomware hits, you're protected no matter what! Plus, with WannaCry ransomware, experts are saying that even if you do pay the ransom, there is very little chance you will get your data back, which makes backing up that much more important.
In the past, we recommended Carbonite to back up all your files. However, Carbonite's focus shifted to large enterprises, so we found a better alternative in IDrive.
One of the main things we love about IDrive is that it allows you to back up all of your devices to a single account, and all for around $6 per month.
IDrive's Universal Backup covers all of the operating systems including Windows, Mac OS, iOS, Android and Windows Mobile. Plus, you can take advantage of the social media backup tool, and create a safe archive for the posts, photos and videos you've shared on platforms like Instagram and Facebook. And as a Kim Komando listener, you can protect all of your devices at an extremely low cost! Click here to save 50 percent on 1 TB of cloud backup storage. Just be sure to use promo code KIM at checkout!
3. Watch out for phishing scams
Scammers are constantly improving their techniques and coming up with new ways to trick innocent computer users. Phishing is commonly an email scam, but it can also happen through social media, text messages and regular old phone calls.
To spot these scams, you should follow these general tips:
- Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Double check the URL spelling - When typing a URL into your browser, take the time to verify you're spelling it correctly. With typosquatting, misspelling a URL could lead to a phishing scam.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Before clicking on a link, hover over it and check for spelling. The safest move is to type the URL into your browser, with the correct spelling of course.
- Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
Bonus: Power tip for small business owners
Business owners should keep in mind there are certain positions that require more protection than others. One of these areas is accounting, which requires access to the company's financial records.
This is why Kim requires the accounting director at the studios to have two separate computers. Each of these computers serves a unique purpose.
The key difference between these computers is that one of them is hooked up to a separate VLAN, or Virtual Local Area Network, and can only be used for online banking and to access the company's financial records. That means no Facebook, no Twitter, no email, etc.
The other computer is used for emails, the internet, and other daily tasks the accounting director requires.
The data on these two computers will never cross paths because they are segregated and even require separate passwords and logins. Why does Kim take this step to protect her business from ransomware? Click here to see why it's so important, and learn how to set up a VLAN for your own business.
What to do if already infected
If your device has already been infected with ransomware like WannaCry, the most important thing to do is disconnect it from the internet. This will prevent the virus from spreading to other machines on your network.
Next, you should report the incident to the authorities so they can try tracking down the person who is responsible.
Ransomware attacks should be reported to your local FBI field office. To find your local office click here.
You should also file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following details:
- Date of Infection
- Ransomware Variant (identified on the ransom page or by the encrypted file extension)
- Victim Company Information (industry type, business size, etc.)
- How the Infection Occurred (link in email, browsing the internet, etc.)
- Requested Ransom Amount
- Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
- Ransom Amount Paid (if any)
- Overall Losses Associated with a Ransomware Infection (including the ransom amount)
- Victim Impact Statement
Once you've disconnected your computer and reported the attack, it's important that you do not pay the ransom! Giving in to the hacker's demands only rewards the behavior and keeps the scam going.
If you've taken the steps mentioned above, you can wipe your gadget and restore it back to the factory settings. This should remove the malware installed on it; however, it will also delete all your files. But, if you've backed up your devices with IDrive, you can easily recover all of your files, photos and documents, and install them on your wiped (or new) device.
This is why we say backing up your gadgets is so important. Click here for more information about IDrive, and save 50 percent when you use promo code KIM at checkout!