It’s the worst nightmare for any IT professional. Your company’s system is hit by ransomware that you don’t see coming. A full-screen message covers your display so you can’t type or operate the system. The cryptoviral infection holds your computer hostage, encrypting all of your files and disabling your access until you pay a ransom. If you choose not to pay, your invaluable and sensitive data could be destroyed and lost forever. And even if you do pay, your information could still end up getting destroyed in the process.
WannaCry, ransomware that utilized National Security Agency (NSA) cyber tools, did precisely that in May 2017. The infection, which was one of many during a record year of cyber attacks, spread very quickly, delivering devastating blows to businesses across numerous industries in more than 150 countries. News reports on WannaCry show that more than 300,000 private and business computers fell prey to the ransomware, which targeted systems that were running outdated Windows software. Furthermore, the ransomware opened the door to another exploitative attack that soon followed, called Petya, which took advantage of the same security gap.
So how did all of this come about? Why was it such a big problem? And, what do you do if a ransomware attack happens to you? I’m here to help answer those questions and provide you with a solution.
Origins of WannaCry
The attacks, which have since been attributed to North Korea by leaders in the United States and the United Kingdom, are the result of actions by a separate group at an earlier date. The cyber weapons, which all use software that exploits gaps in security, were originally created and used by the NSA to hack into the computers of known or suspected terrorists. The NSA discovered the gap in the security of Windows computers and exploited it to aid in its fight against terrorism, choosing not to inform Microsoft about the vulnerability and leaving systems unprotected.
The tools were then stolen and leaked on the dark web by an anonymous hacker group known as the Shadow Brokers. Hackers then used them to try to extort $300 per computer in bitcoin cryptocurrency.
How it Gained a Foothold
Although Microsoft discovered the vulnerability and released a patch in March, many of the victim companies, such as those in the telecom, healthcare and transportation industries, operate using old or outdated technology. After a certain point, computer manufacturers no longer provide software patches or updates for these “legacy systems,” making them highly vulnerable to these types of exploitative attacks. It’s truly insidious.
Furthermore, once the ransomware takes over the computer, it then begins spreading to any connected drives and devices, including network drives.
How to Prevent Ransomware
So what can you do to try to protect yourself from ransomware and other cybersecurity threats? Our recommended cybersecurity “hygiene” and best practices include:
- Patching and Updates: Always keep your firewall, antivirus software, and computer updated with the latest patches. You can stay up to date on patches and security updates from technology companies via the U.S. Computer Emergency Readiness Team (CERT) website.
- Thinking before you click: Don’t open emails or attachments from people you don’t know. If something seems suspicious, check with your IT security team.
- Backing it up: Regularly back up your data and your computer hard drive via the Cloud or an offline solution.
While it’s not possible to prevent 100% of all cyber attacks, these are some of the best ways to ensure that your information remains as secure and protected as possible. At FPA, our team can help to prepare your company and computer systems for potential cyber attacks and ransomware with our cybersecurity report card, backup & disaster recovery, and managed IT security.
What to Do If It Happens to You
As cyber attacks and ransomware attacks continue to rise with each year, it becomes a lot harder to try to protect your personal and business data assets. So how can you tell if you’ve been compromised? Some of the indications that you have ransomware include:
- Suddenly not being able to access files;
- Errors pop up, saying that your files are corrupted or have the wrong extension;
- A large message pops up with instructions about how to unlock your files;
- A countdown window informs you that the ransom will continue to increase if the ransom is not paid; and
- You discover files with names like “HOW TO DECRYPT FILES.TXT” or “DECRYPT_INSTRUCTIONS.HTML.”
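The last indicator lends itself to an automated check. The following Python is an added example, not part of the original article: it flags ransom-note file names like the two quoted above and groups the hits by folder, which helps scope what needs restoring. The wider name pattern, the two-folder alert threshold, and the sample paths are assumptions.

```python
import os
import re
from collections import Counter

# The two names quoted in the article match this pattern; the wider set of
# verbs and extensions is an assumption meant to catch close variations.
NOTE_RE = re.compile(
    r"(how[ _-]*to[ _-]*(decrypt|recover|restore)"
    r"|(decrypt|recover|restore)[ _-]*(instructions?|files?))"
    r".*\.(txt|html?)$",
    re.IGNORECASE,
)

def is_ransom_note(filename):
    """True if a bare file name looks like a ransom note."""
    return NOTE_RE.search(filename) is not None

def list_files(root):
    """Yield every file path under root (read-only walk) to feed triage()."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

def triage(paths, min_folders=2):
    """Group ransom-note hits by folder.

    Returns (affected_folders, alert). alert is True when notes appear in at
    least min_folders folders; one stray match is reported but not alerted on.
    The threshold is an assumption to tune per environment.
    """
    hits = Counter()
    for path in paths:
        folder, name = os.path.split(path)
        if is_ransom_note(name):
            hits[folder] += 1
    return sorted(hits), len(hits) >= min_folders

# Constructed sample listing (not real incident data).
SAMPLE = [
    "/srv/share/finance/HOW TO DECRYPT FILES.TXT",
    "/srv/share/finance/budget.xlsx",
    "/srv/share/hr/DECRYPT_INSTRUCTIONS.HTML",
    "/srv/share/it/decryption_notes.txt",
    "/srv/share/it/restore_files.sh",
]

if __name__ == "__main__":
    folders, alert = triage(SAMPLE)
    print("ALERT" if alert else "ok", folders)
```

To check a live share, pass `list_files(root)` to `triage()` from a machine that is known to be clean.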
So what can you do if your computer becomes infected by ransomware? My recommendation is like the three steps we teach children for fire safety: stop, drop, and roll.
- Stop: Immediately stop whatever you're doing on your computer and don't do anything else.
- Drop: Immediately drop your network and/or internet connection and unplug your computer from the network.
- Roll: Most often, the best (and sometimes only) response is simply to restore your data from your latest backup.
I’ve put together additional directions on steps you can take following the discovery of an apparent ransomware attack.
Tell us about when you or someone you know was infected with the WannaCry ransomware. What did you or they do? Share your experiences with us in the comments box below or send me an email if you’d like to chat further about this topic.