Protecting Yourself from Ransomware

Unfortunately, Ransomeware is the word of the day. What is it and how can you protect yourself?

What is Ransomeware?

Ransomeware is typically spread through email. When an unsuspecting person opens the email attachment, the virus uses a flaw in the operating system to lock down a user’s computer and encrypt all files until s/he pays a “ransom” to get an unlock code. If that computer is connected to a network, the virus will spread across the network, infecting everyone.  If your backup drive is connected to the network, it will infect your backup as well.

This particular strain is called “Wannacry Decrypt0r” and is asking $300 from victims to unencrypt their computers.  It is using a flaw in Windows operating system to run code that locks down your computer, encrypting all your files. In order to regain access to your files, you are prompted to pay a ransom. Infected users will see a screen that looks like the one to the right, courtesy of KnowBe4.

How Can I Protect Myself?

There are simple steps you can take to protect yourself now and moving forward.

1. If your backup drive is currently plugged into your computer, remove it immediately. This will preserve your backup in case you are infected.
2. Apply the Windows patch immediately. Microsoft has taken the extraordinary step of patching older, sunsetted, versions of Windows — this is THAT IMPORTANT.  Most systems updated automatically, but to check to see if you have the latest version. For Windows 10, Go to Start->Settings->Update & Security->Check for Updates.
3. Make sure your antivirus software is up to date as well.
4. DO NOT OPEN SUSPICIOUS ATTACHMENTS OR CLICK ON UNKNOWN LINKS — I can’t stress this one enough. Unless you are expecting a Word doc or a zip file from a friend or relative, do not open it. Once infected, computers spread the virus by emailing it out again to people in your contacts.  If the email message just looks weird and doesn’t sound like anything your friend would send you, do not click on the link.  If the email appears to be from your bank, PayPal, Google, email provider, or another service provider, go to their website directly and login normally. If it is a legitimate request, you will be able to get to the information that way.

Updating just your computer is not enough. ALL computers on your network need to be updated to maintain your network integrity.

What about Macs?

This attack needs to be a wake up call for everyone — not just Windows users.  Despite what some seem to believe, Macs are vulnerable to attacks like these. They are targeted less frequently because there are, overall, fewer Macs out there.  Windows-based systems are the primary systems used in major industries and government.  But, the rules for Mac users remain the same:

• Keep your operating system updated
• Use antivirus software and keep it updated
• Never open an attachment when you do not know the original source
• Never click on a link when you do not know the original source — phishing is a problem and gets many people. Remember that your bank, PayPal, Google, email provider, etc. will never email you and ask you to enter credentials before you can see the information. If there is any doubt, go to your bank’s website, email provider’s website, or PayPal directly and login normally.

Final Notes

A final note about IMC servers. We run Linux servers, so they are not affected by the current virus targeting Windows computers. We also have security in place to protect against attacks such as these and continuously review our servers to make sure they are running the latest versions of software. Security patches are installed automatically.