Ransomware is a term that we will be hearing more about, and 2017 will go down as the year with the highest number of attacks. Here are some things you need to know about it:
1. What is ransomware?
The term ransomware refers to malicious software that infects or locks a computer, preventing access to files. It then displays a message demanding that a ransom be paid to fix it. Most often the malicious software encrypts important files, making them unreadable, and often locks the computer. Once a ransom is paid, the criminal will offer to decrypt the files and return the computer to its normal state. The attack can come from opening an email attachment or clicking on a link.
2. What is the WannaCry attack that everyone’s talking about?
The most recent ransomware attack occurred this past Friday and continues into this week. Named WannaCry (also known as WannaCrypt), the ransomware has infected computers in hospitals, businesses, and homes. Last week most of the intrusions were in Europe, with some in the U.S., and this week it’s spread to Asia, affecting about 200,000 computers (and climbing).
The WannaCry attack took over computer systems, caused them to freeze, and displayed the message, “Oops, your files have been encrypted!” It asked for a ransom payment of $300 in bitcoin to unlock the computer. The problem has affected organizations and individuals running Windows XP, an older version of Windows that had some security faults that the ransomware exploited.
3. What makes a computer vulnerable to this type of attack?
Here is the typical way computers are infected: A fault is found in an operating system and it’s reported back to the developer of the OS, who develops a fix and offers it to their users as a system update. This happens frequently, a few times each month, with Windows and Mac operating systems. These updates may also include feature enhancements, but most of the updates are to fix issues.
The problem is that many users and companies fail to upgrade their software. Criminals learn of the faults as soon as they are identified and exploit them before users upgrade their software. Why doesn’t everyone upgrade immediately? For several reasons, including not learning of the update, not bothering to take the time, or sometimes because older computers may not run as well with new versions of the software.
In the case of this current attack, Microsoft had replaced Windows XP with newer versions and was no longer issuing fixes for XP, leaving computers running it vulnerable.
4. How has Microsoft responded to the attack?
In response to this huge attack, Microsoft has issued a patch to fix this vulnerability.
The software giant is blaming the National Security Agency (NSA) for the problem. That’s because the NSA created the malicious software for exploiting the XP fault as a weapon to use on our enemies’ computers.
But several months ago this NSA software was leaked to WikiLeaks, which then released it to the web.
Microsoft President and Chief Legal Officer Brad Smith criticized the NSA for “stockpiling” vulnerabilities.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” he said. “This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
“Repeatedly,” Smith added, “exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
5. How can you prevent this from happening to you?
First, always run a current version of your operating system and install system updates as soon as they are released. Set your computer to update automatically.
Next, be wary of opening attachments or clicking on links. If you receive a document from someone you know that you are not expecting, email the sender to confirm it’s legitimate. When you see a link in an email, first right-click on it to see the web address. If it’s a legitimate address, it’s OK, but if the address is strange or exceptionally long, don’t click on it.
And when looking at that link, pay attention to the words before and after the period. I’ve encountered illegitimate links that put a legitimate business name elsewhere in the string to make you think it’s the business’ link.
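The link check described above can be automated. The following is an added example, not code from the original article: it works out which domain a link really leads to and flags links that are exceptionally long or that mention a business name anywhere in the string while pointing somewhere else. The brand "examplebank", its domain, the short suffix list (a stand-in for the full Public Suffix List) and the length cut-off are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: a tiny stand-in for the Public Suffix List, and a
# hypothetical business with the one domain it really uses.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
MAX_URL_LENGTH = 100  # assumed cut-off for an "exceptionally long" address


def registrable_domain(host):
    """Return the registered name: the labels just left of the public suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url):
    """Return the reasons a link looks suspicious (empty list if none)."""
    host = urlsplit(url).hostname
    if not host:
        return ["no hostname in link"]
    domain = registrable_domain(host)
    reasons = []
    if len(url) > MAX_URL_LENGTH:
        reasons.append("exceptionally long address")
    for brand, real_domains in KNOWN_BRANDS.items():
        # The brand name may sit in a subdomain or the path, but only the
        # registrable domain says who actually controls the destination.
        if brand in url.lower() and domain not in real_domains:
            reasons.append(f"mentions '{brand}' but really goes to {domain}")
    return reasons


if __name__ == "__main__":
    samples = [  # constructed URLs using reserved example names
        "https://www.examplebank.example/login",
        "http://examplebank.example.login-check.test/session",
        "http://files.test/examplebank/invoice",
    ]
    for url in samples:
        print(url, "->", check_link(url) or "no warning signs")
```

The part of the address that matters is the registered domain immediately before the first single slash; a business name in a subdomain or after the slash proves nothing about where the link goes.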
In addition, keep a backup of all your files or just store them in the cloud. If your computer gets infected, you can wipe it clean without losing your files.
Also avoid opening attachments with extensions like “.exe,” “.vbs,” “.scr,” and “.dmg.” These are actual software programs. And consider using antivirus software, especially on Windows machines, because they are more often the target with so many more in use than Macs.
A good resource to check out is the “No More Ransom” website, an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, and two cyber security companies, Kaspersky Lab and Intel Security. They work to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
6. Who was responsible for WannaCry?
While it’s too early to have a definite answer, signs are pointing to North Korea. According to the New York Times:
“Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February. American officials said Monday that they had seen the same similarities. All of those attacks were ultimately linked to North Korea.”