The WannaCry ransomware, also known as WannaCrypt, hit the headlines in early 2017 after it infected over 200,000 machines across 150 countries. The attack affected German Railways, brought computer systems in British hospitals to a halt and even spread as far as Australia. Users were locked out until they paid a ransom.
The fact is, it’s quite easy to protect yourself against this kind of attack.
Ransomware, what is it?
Ransomware is a type of malware that locks you out of your online-enabled devices and prevents you from accessing your files unless you pay a sum of money, the ransom.
Some ransomware attacks are more severe than others: some will only lock you out of your device by making it impossible for you to log in. Some will encrypt your files and prevent you from accessing them, and some will go after your Master Boot Record and stop your computer from loading the OS.
Some types of malware infect your external drives for distribution to other computers.
Viruses were, and still are, used by hackers to hide in the background, waiting for you to key in your passwords and credit card information. Ransomware is the preferred form of attack because it asks for money immediately. Some variants even include a timer to pile pressure on the victim.
According to the Symantec Internet Security Threat Report of 2017, ransomware attackers demanded $1077 in 2016, up from $294 in 2015. The payment is usually demanded in cryptocurrency such as Bitcoin since the addresses are not directly linked to the owners.
Ransomware targeted PCs but is now also prevalent on Android. For ransomware to affect an Android device, the user has to change the setting that allows apps to be installed from outside the Play Store.
WannaCrypt
WannaCrypt, also known as WannaCry, was widely reported in 2017 after affecting many computers across 150 countries. This malware also spread to other computers on the same network.
WannaCry targets devices running Windows by exploiting a vulnerability in the security settings. Windows 8.1, Windows 7 and Windows Vista all have this vulnerability. However, patches and updates have been released by Microsoft to address this issue. Windows 10 doesn’t have this vulnerability.
The best security measure is to install the latest Windows security updates.
How do you get infected?
Ransomware tricks the user into installing it. This can happen through dodgy online links that offer the user something, such as a specific file or attachment to download.
The links purport to be from a bank, an online service such as Netflix, or a government agency. The email can be some sort of alert, a non-existent fine or a notice about someone accessing your account. The main purpose of the email is to make the user react out of fear.
Cyber-criminals can also use publicly available information about you to draft specific messages that you might expect from a friend, service provider, colleague or employer. Such messages have a higher chance of getting the expected response, in this case, installing the software.
Older antivirus software won’t detect such attacks, as the malware might be too new or too obscure, or it might be written so that it modifies itself to avoid detection.
Modern antivirus products use sandboxing and behavioral analysis to detect ransomware.
In the case of behavioral analysis, the antivirus will look for suspicious activities happening on your computer such as encryption of files. If such processes are detected, the security application will attempt to stop such activities.
Sandboxing is a form of quarantine where new suspicious software is isolated in an environment known as a sandbox, where it’s unable to affect the rest of the system.
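A minimal sketch of the behavioral check described above, as an added example that is not taken from any antivirus product: it flags a process that rewrites many files with high-entropy (encrypted-looking) content in a short time. The event format, thresholds and process names are assumptions, and the sample events are constructed.

```python
import math
from collections import Counter, defaultdict, deque
from hashlib import shake_256

ENTROPY_BITS = 7.2   # assumed cutoff; encrypted data sits near 8 bits per byte
WINDOW_SECS = 10     # assumed sliding window
MAX_FILES = 5        # assumed: high-entropy rewrites tolerated per window

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: about 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events):
    """events: time-ordered (timestamp, process, path, written_bytes) tuples.
    Returns the processes that wrote high-entropy content to more than
    MAX_FILES distinct files inside one WINDOW_SECS window."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, path)
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue              # ordinary document content, ignore
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECS:
            window.popleft()
        if len({p for _, p in window}) > MAX_FILES:
            flagged.add(proc)
    return flagged

def sample_events():
    """Constructed events: an editor saving text, a backup tool writing one
    compressed archive, and a process rewriting many documents as ciphertext."""
    text = b"Quarterly report draft, second revision. " * 100
    events = [(t, "editor.exe", f"C:/docs/report{t}.txt", text) for t in range(8)]
    # shake_256 output stands in for compressed or encrypted bytes
    events.append((3, "backup.exe", "D:/backup/docs.zip", shake_256(b"zip").digest(4096)))
    events += [(20 + i * 0.5, "unknown.exe", f"C:/docs/file{i}.docx",
                shake_256(str(i).encode()).digest(4096)) for i in range(12)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_mass_encryption(sample_events()))
```

Compressed archives and media files are also high-entropy, which is why the check counts distinct files per process over time instead of alerting on a single write.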
What to do if you’re infected
Never pay the ransom unless it’s your only choice; this should be your last resort. Paying cybercriminals encourages them to continue with this behavior, and you also have no guarantee that they will release your files.
There is an online tool known as Crypto Sheriff that is used to check whether the ransomware that is affecting your computer has been solved. If it has, the tool will link you to a decryption tool.
You have to upload an encrypted file from your device, or enter a website address or email address you see in the ransom demand.
In certain instances, a data recovery expert can get your files back, but for a fee. In some cases, it costs more than paying the ransom.
This is where backing up your files is important because you will simply restore everything from your backup.
How to Protect Yourself
The best way is to avoid opening links or attachments from people or addresses you don’t recognize. Avoid opening suspicious emails, even those that contain safe-sounding files such as Word documents.
Avoid scams such as odd emails from service providers, banks, and government agencies. Such emails come from addresses that look similar to the real ones, such as aple.co instead of apple.com.
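The lookalike-address check can be automated in a mail filter. The following is an added example, not part of the original article: it compares a sender's domain with a short allow-list and flags near misses such as aple.co, as well as a trusted name placed in front of another domain. The allow-list, the distance threshold and the sample addresses are assumptions.

```python
TRUSTED = {"apple.com", "netflix.com", "paypal.com"}  # assumed allow-list

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Domain part of an email address, lower-cased, trailing dot removed."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify_sender(address: str, trusted=TRUSTED, max_distance: int = 2):
    """Return ("trusted", name), ("lookalike", name) or ("unknown", None)."""
    domain = sender_domain(address)
    labels = domain.split(".")
    # mail.aple.co -> ["mail.aple.co", "aple.co", "co"]
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for t in trusted:
        if t in suffixes:                  # the domain itself or a subdomain
            return ("trusted", t)
    for t in sorted(trusted):
        if f".{t}." in f".{domain}":       # apple.com.something.example
            return ("lookalike", t)
        if any(edit_distance(s, t) <= max_distance for s in suffixes):
            return ("lookalike", t)        # near miss, e.g. aple.co
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ("security@aple.co", "news@mail.apple.com",
                   "alert@apple.com.secure-login.example", "friend@example.org"):
        print(sender, classify_sender(sender))
```

An "unknown" result only means the domain does not resemble anything on the allow-list; it says nothing about whether the message is safe.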
Do not install dodgy files from suspect sites. If it’s a torrent site that asks you to download an extra program to access the file that you want to download, then it’s not legit. If a pop-up informs you that your computer is unsafe, it’s lying.
Keep all your software updated, whether it’s iTunes or your operating system. WannaCrypt will affect your PC if it’s not updated with the latest security updates and patches.
Keep a backup on external drives or cloud storage to make it easy for you to come out unscathed in the event of an attack.