May has been quite the month for cyber criminals.
Major Attack Hits Several Countries
WanaCrypt0r crippled systems in over 90 countries.
The health care system in England was particularly hard hit.
Spain’s telecom service Telefonica also was infected.
More frightening for the developers, Russia was perhaps the hardest-hit victim. Apparently, its banks, health and interior ministries, railways, and a mobile phone network were all hit.
Other countries include France, Portugal, Germany, Italy, Sweden, China, and the US.
How This Attack Was Different
Sadly, this spread so far so fast because it exploited a server weakness that had been patched in March.
If an infected computer was connected to a network that utilized Microsoft’s file sharing protocol Server Message Block (SMB), WanaCrypt0r was able to infect all the computers and servers on the network.
Many of the services – especially in the health care field – run outdated systems due to software compatibility. This leaves them more vulnerable to attack as their systems are no longer updated.
This bears a little bit of focus: this ransomware didn’t spread so aggressively because people clicked on bad links.
Maybe the initial infection occurred because someone clicked on a link or opened an attachment.
However, the Locky ransomware requires a click on every computer it infects. The WanaCrypt0r ransomware was able to spread automatically.
Even the Mouse is Vulnerable to Attack
An upcoming Disney movie is reportedly being held hostage, with the threat that large chunks of the movie will be released if the ransom isn’t paid. Disney CEO Bob Iger stated that the company is not going to pay.
Due to upcoming movie release dates, speculation is that the movie is either the next Pirates of the Caribbean movie or Cars 3. It’s questionable as to how the criminals got their hands on a full-length feature film, though.
Protecting Yourself from Ransomware
The WanaCrypt0r outbreak reinforces the need for good cyber hygiene.
Here are some tips for specifically avoiding the WanaCrypt0r and other WannaCry ransomware versions:
- Take care when clicking on links in emails. You can hover over a link to see if the link actually takes you to the URL it shows. The absolute best practice is to manually type the address in your browser so that you can be sure you are going to the website you want. Make sure you spell it correctly, though, and use the proper domain (.com as opposed to .net, etc.).
- Be cautious with attachments. You should never open an unsolicited attachment. Never. Even if it purports to come from someone you know, there is a chance that the email has been hacked or spoofed. Using a secure service such as ShareFile to send and receive files can eliminate this threat. If ever in doubt about an attachment you receive, contact the sender with contact information obtained through a source other than the email.
- Use best practices for Server Message Block. If you are using Microsoft’s file sharing protocol, be sure the settings are properly secured from outside traffic. Also, be sure you maintain updates to keep the system secure. If you haven’t updated your server recently, DO SO IMMEDIATELY.
In addition to specific ransomware prevention, follow these overall best practices to keep your computer safe and secure:
- Install updates. So many existing bugs thrive on problems that were patched months or years ago that it’s mind-blowing. Updating can save you a lot of headaches and may minimize damage if someone does happen to click on the wrong thing or visit a page infected with malware.
- Be suspicious of unsolicited emails. Sometimes you may actually get a visit or phone call from scammers, but typically they send emails to maximize reach. Never assume that an email or phone call really comes from the person it claims to come from just because that company and person exist. I seriously doubt the information obtained will be life-changing enough to willfully communicate with a potential scammer. This is a better-safe-than-sorry scenario.
- Pay attention to URLs of websites. Sometimes scammers spoof websites with sites that are nearly identical. Sometimes it’s a variation in spelling, other times it’s a different domain (.com, .org, etc.). Many businesses purchase multiple domains and redirect to the proper site, but do not assume this is the case all the time.
- Verify anything you are unsure about. It is much less embarrassing to call someone and ask if they sent you an email than to have your computer system hijacked by ransomware. Don’t be afraid to ask. Be sure to use contact information obtained from a source other than the email in question, though.
- Be cautious with sensitive information. No legitimate company will ask you to reset your password or provide your credentials via an email. Be sure to type in a web address for sites that you log into that contain sensitive information such as banks, online databases, etc.
- Keep your security in full working order. At a minimum, this means anti-virus software, a firewall, and email filtering software. Hopefully your anti-virus comes with an ad blocking component. If not, you should invest in that as well. Ad blocking prevents adware and malvertising from infecting your computer. Both of these can be found on perfectly legitimate websites that you may visit frequently.
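
The hover check and the spelling and domain checks from the tips above can be automated. The following is an added example, not part of the original article: it lists links in an HTML email whose visible text names a different site than the real target, or whose target imitates a trusted site. The trusted list, the sample email and the 0.85 similarity threshold are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("example.com",)  # assumption: the sites you really use (constructed)
SAMPLE = """<a href="http://examp1e.com/login">www.example.com/login</a>
<a href="https://example.net/reset">Reset password</a>
<a href="https://www.example.com/help">Help centre</a>"""  # constructed email body

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL or bare 'www.site.com/path' text, minus 'www.'
    name = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def lookalike_of(h):
    """Trusted site that h imitates by spelling or by a swapped domain ending."""
    if any(h == t or h.endswith("." + t) for t in TRUSTED):
        return None  # the real site or one of its subdomains
    for t in TRUSTED:
        same_name = h.rsplit(".", 1)[0] == t.rsplit(".", 1)[0]
        if same_name or SequenceMatcher(None, h, t).ratio() >= 0.85:
            return t

def check_links(html):
    """Return (href, reason) for each link a reader should not trust."""
    parser = LinkParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host(href)
        if " " not in text and "." in text and host(text) != target:
            findings.append((href, "text shows " + host(text)))
        if lookalike_of(target):
            findings.append((href, "looks like " + lookalike_of(target)))
    return findings
```

Calling `check_links(SAMPLE)` flags the first link twice (mismatched text and misspelled domain) and the second once (different domain ending), while the genuine third link passes.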
It’s a dangerous web out there. With a little precaution, you can navigate it safely.