Common sense, backup, proactive protection, and automated removal tools can help to build your defense against ransomware
Back in May of 2017, WannaCry, the ransomware attack affecting some 300,000 computers worldwide, generated up to $4 billion in losses, according to cyber risk firm Cyence. The hack may also have links to North Korea: Cybersecurity researchers found similarities to code used by North Korea-based Lazarus Group, a cyber gang also implicated in the 2014 Sony Pictures attack.
Mark Hachman, Sr. Editor with PCWorld, wrote this defense plan to help manage the panic over ransomware. WannaCry appears to leverage software the National Security Agency developed, and was then turned into malware. It’s already struck the U.K. National Health Service, and several other banks and organizations.
According to NPR, the ransomware attack that began in Europe on Friday is hitting new targets in Japan and China. The WannaCry software has locked thousands of computers in more than 150 countries. Users are confronted with a screen demanding a $300 payment to restore their files.
Ransomware encrypts and locks the files that are most precious to you. So don’t leave them vulnerable. Backing them up is a good strategy. Take advantage of the free storage provided by Box, OneDrive, Google Drive, and others, and back up your data frequently. Beware though—your cloud service may back up infected files if you don’t act quickly enough. Investing in an external hard drive is a good option.
Don’t panic if you have it.
Your first move should be to contact the authorities, including the police and the FBI’s Internet Crime Complaint Center. Then ascertain the scope of the problem by going through your directories and determining which of your user files is infected. If you do find documents that have odd extension names, try changing them back—some ransomware uses “fake” encryption, which merely changes the file names without actually encrypting them.
The next step is identification and removal. If you have a paid antimalware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the ransomware from your system with free removal tools.
Experts say these common-sense habits can help mitigate your exposure to malware and ransomware:
- Keep your PC up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and older Windows operating systems.
- Ensure you have an active firewall and antimalware solution in place. Windows Firewall and Windows Defender are barely adequate, and a good third-party antimalware solution is far better. WannaCry patches are available for Windows 8 and Windows XP.
- Don’t rely on antimalware to save you, however. Experts at RSA say that antivirus companies are just getting around to addressing ransomware, and their protection isn’t guaranteed.
- Ensure that Adobe Flash is turned off, or surf with a browser, like Google Chrome, that turns it off by default.
- Turn off Office macros, if they’re enabled. In Office 2016, you can ensure they’re off from the Trust Center > Macro Settings, or just type “macros” in the search box at the top, then open the “Security” box.
- Don’t open questionable links, either on a webpage or especially in an email. The most common way you’ll encounter ransomware is by clicking on a bad link. Worse still, about two-thirds of the infections tracked were on more than one machine, implying that infected users forwarded the link and exposed more people.
- Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you’re not careful, but the risks increase if you’re surfing where you shouldn’t.