WannaCry Ransomware Attack Strikes Thousands
This past Friday (5/12/2017), the worst ransomware attack ever happened, and it’s expected to get much worse before it gets better. Estimates thus far, show that over 200,000 computers in at least 150 counties have been infected. It is expected to get much worse due to the fact that the attack happened at the end of the work week. Having the weekend to spread, thousands more are expected to contract the virus, WannaCry, when they log into their workstations.
What we know so far is that when the system is infected, a red screen appears, displaying “Oops, your files have been encrypted!” and demands payment of $300 in the untraceable e-commerce currency, Bitcoin, within the first three days, doubling thereafter with no hope of recovering files after seven days.
What’s more, even insulting, are further statements of “maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.” Early reports from the New York Time also suggest that this attack could cost victims of up to $1 billion, however, it only appears to have raised about $50,000 thus far.
One of the main reasons this initial attack spared many people is Twitter user @MalwareTechBlog, a 22-year-old cybersecurity expert in the United Kingdom, inadvertently activated the WannaCry ransomware’s “kill switch” by entering in its self-destruct password. It is believed that updated versions of this virus will have this kill switch removed.
While this is the largest of this type of attack to occur, this is far from the first time we’ve seen anything like this. For years, these attacks have been hitting consumers’ personal PCs as well as business PCs: It’s very hard to track down the culprits, and the ransom that they require is intentionally priced—there is a minimum dollar amount that is required before an investigation takes place or the FBI is involved.
Currently, the minimum limit is $500. This means that these ransomware attacks usually demand anywhere from $300 to $499.99. They know what they can risk without having to really worry about repercussions. Unfortunately as well, there has been rumor of the minimum dollar amount will be raised to $15,000! The Reason? Both the number of attacks have increased dramatically, and also victims are more likely to pay this ransom! There just aren’t enough resources to devote to investigating these attacks as it is, so even the $500 current minimum price point is too low to spend money on anytime someone is hit.
How Can You Avoid Being Affected?
While these attacks are malicious, we are in a world that blames the consumer for not being responsible enough to prevent this from happening—since ransomware is contracted by clicking on emails from unknown sources and opening attachments and also by visiting compromised websites.
The FBI recommends, at the very least, the below precautionary steps to protect yourself from ransomware:
- Make sure you have updated antivirus software on your computer.
- Enable automated patches for your operating system and web browser.
- Have strong passwords, and don’t use the same passwords for everything.
- Use a pop-up blocker.
- Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
- To prevent the loss of essential files due to a Ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.
While these are steps that everyone should abide by and constantly keep in mind, the reality is that nothing is completely fool proof. If someone wants to hack you badly enough, chances are pretty high that they will succeed. The amount of people in this world looking to cause cyber harm far outweighs the people looking to prevent it. Once ransomware is detected and a way has been found to get rid of the virus, the culprits have already found a way to change the virus definitions to no longer be affected by the current fix. There is only so much that can be done to update anti-virus definitions before a slew of others are unleashed on the world. Finally, anti-virus “cures” can’t be released until the virus actually hits, as programmers need the code for the specific anti-virus to write said “cure.”
Let PEI Keep Your Business Safe from Cyber Attacks
Until technology advances far enough, the best solution you can have for these types of attacks—and any type of cyber-attack for that matter—is to be as proactive as possible. While PREVENTING and ELIMINATING the threat before it ever happens would be ideal, if/when you are a victim of these attacks, how much DOWNTIME will you face, and how quickly can you be back up and running?
If IT is directly involved with your career or your means for supporting yourself and your family—and chances are that in 2017 it very much is—what steps are you taking? There is really no clear-cut, single answer that will cover everyone. Everyone is unique, every situation is unique, every business is unique in regard to their IT needs.
Here at PEI, we have a wonderful, knowledgeable group of engineers devoting their time and careers to be at the forefront of the IT World where they strive to learn YOUR IT World. We would love to learn more about what makes you, well, YOU and we would like to show you how we can help.
All it takes is the first step to get in motion. Please feel free to give me a call directly at (303) 974-6824, and I will be happy to get you in touch with these amazing engineers who can help make your business-life less stressful, make you feel more confident in being protected from the technological hazards out there, and ensure your systems are properly functioning to enable your company’s wellbeing and success.
Until next time,
Alex Hoosz, PEI