Protect yourself from hackers
If ransomware hasn’t been on your radar until now, the events of the past week should have put it there. A new strain called Wannacry has been sweeping the world, infecting over 10 000 organisations and 200 000 individuals in 150 countries, including the UK National Health System, with disastrous consequences.
What is ransomware and how do you protect yourself against it? As the name suggests, it’s a type of malware that infects computers, encrypting the contents and barring legitimate users from accessing any of their files until they pay a ransom to the hackers. In the case of Wannacry this was $300 (almost R4 000) payable in Bitcoin.
This scourge is nothing new, having been around in various forms for several years, but the Wannacry variant, also known as Wannacrypt, has made such a splash because of the global impact and the fact that it appears to be based on an exploit originally developed by the US National Security Agency (NSA), but subsequently leaked online by a notorious hacker group.
Britain’s NHS was particularly hard hit, with staff unable to access patient records and other basic services. Appointments and surgeries were cancelled and medical facilities were shut down as the NHS battled to halt the spread of the ransomware. Also affected were Germany’s rail system, Russia’s central bank, Spanish telecommunications company Telefonica as well as Renault and Nissan factories.
In South Africa, the damage has so far been confined to a fairly low number of small and medium businesses. This may be thanks to the fact that a UK-based researcher stumbled accidentally onto a patch for Wannacry before it could spread further.
But new strains which are immune to the fix have already emerged and local security experts fear it’s only a matter of time before a major, possibly NHS-level, shutdown occurs here.
ITWeb.co.za quoted Craig Rosewarne, MD of Wolfpack Information Risk, as warning that critical infrastructure such as the mining, medical, traffic control and banking industries in SA were potentially vulnerable. Research done by the company last year found the systems used to run critical infrastructure in SA are not secure, running on legacy software and not performing regular updates.
If mining houses and banks are at risk, how do individuals like you and me protect ourselves from a ransomware juggernaut like Wannacry?
The first step is to understand how a PC gets infected. With most forms of ransomware this happens when the user falls for a phishing attack, downloading and running an e-mail attachment or clicking on a link in an e-mail. The e-mail often looks legitimate as it’s from a friend, family member or colleague. That’s because their computer has been infected and the malware is attempting to replicate itself by sending e-mails to all their contacts.
Experts advise that you only open e-mail attachments or click through to links, even those from trusted sources, if you are absolutely sure they’re legitimate. If you have any doubts, contact the person directly to check that the e-mail is genuine.
This will protect you from most forms of ransomware but not, alas, Wannacry, which appears to be able to attack computers directly, without any human intervention, by exploiting a vulnerability in a Windows system used for file sharing between computers.
The good news is that it’s pretty easy to shield yourself. If you use a recent version of Windows, make sure to install all updates and security patches as soon as prompted to do so.
If you are using an older unsupported version like Windows XP, Windows 2008 or Server 2003, get the patches for your unsupported OS from Microsoft’s Update Catalog by going to www.catalog.update.microsoft.com and typing KB4012598 into the search box. Upgrade to a more recent version of Windows as soon as possible.
The excellent website wordfence.com advises that you update your antivirus software definitions. “Most AV vendors have now added detection capability to block Wannacry. If you don’t have antivirus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.”
Be sure to back up your PC regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
What if you have an Apple Mac? According to macworld.co.uk, there hasn’t yet been a serious ransomware outbreak on the Mac or any Apple hardware. But they cite security researchers who warn it’s a real possibility. “For example, security researchers have found Mac-specific lines of code within Windows ransomware, which indicates that the bad guys are at least considering the possibility.”
Finally, what if you’re a PC user who’s unfortunate enough to already be infected with ransomware? If you have backups, you should be able to restore your system from the backup. If you’re not sure how to do this, enlist the help of an IT professional.
If you don’t have a backup, you’re between a rock and a hard place. There’s no way to access your files without the encryption key now in the possession of the hackers. Security experts strongly recommend that you don’t pay the ransom. That’s because it encourages the criminals to seek new victims.
There’s also no guarantee that they will unlock your PC once you’ve coughed up. Then, there’s the not inconsiderable hassle of purchasing the Bitcoin you’ll need to pay the hackers. This form of payment is virtually untraceable.
My advice is that unless the data locked away on the infected PC is absolutely essential, consider it lost, wipe your computer and start from scratch, a sadder and a wiser person.
Follow Alan Cooper on Twitter @alanqcooper