Ransomware attacks demonstrate security vulnerabilities

via Ransomware attacks demonstrate security vulnerabilities, clarionledger.com

PDF: ransomware

The recent ransomware attack has sent shock waves through the world’s data communities. The “WannaCry” attack began on May 12, quickly spreading to more than 250,000 computers in more than 150 countries across the globe. Some experts have linked the attack to North Korea, but it’s still being investigated.

Although brazen and record-setting in scope, this attack is just the latest in a long line of attacks that highlight the vulnerability of the data we use every day. Most of us remain oblivious to the millions of attacks that occur constantly, but this decades-long cyberwar shows no signs of abating anytime soon.

During the recent attack, users of infected computers received an email message that their computer’s data had been encrypted by a vicious “worm” and the only way to get it back was to pay a ransom of $300 in bitcoin currency. If the victim didn’t pay, the price would be doubled after three days, and then the data would be destroyed if payment didn’t come. Many users, frightened by the attack, paid up. The attack seemed to target largely Windows-based PCs.

According to many sources, the attack seemed to exploit primarily older computers, and those without recent security updates, or patches. “Any unpatched Windows computer is potentially susceptible to WannaCry,” noted cyber-security company Symantec. “Organizations are particularly at risk because of its ability to spread across networks and a number of organizations globally have been affected, the majority of which are in Europe. However individuals can also be affected.”

It’s clear that some security patches were effective in slowing the spread of the attack, highlighting the need to update your computer’s security on a regular basis. Most experts recommend that you update your Windows software on a regular basis and use a file encryption feature. Windows users can use BitLocker, which is built into Windows, while Apple users can use FileVault, built into the Mac Operating System.

Here are a few of Symantec’s other tips:

  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers. You can set up automated backups, which will check for and install new updates on a regular basis at a time convenient for you.
  • Be wary of unsolicited emails. Don’t click on or open unexpected emails, Symantec advises, especially if they contain links and/or attachments. If you don’t recognize the sender, delete the message.
  • Don’t enable macros. Macros are programs that carry out certain tasks under specific conditions. “Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email,” advises Symantec.
  • Backup your data. Performing regular backups to the “cloud,” external hard drive or other device can provide insurance against attacks. This will help protect you if your data is subject to attack by allowing you to restore your files once the infection has been stopped. However, be sure the backup method you use has adequate protection, and preferably is not easily accessible to thieves. For example, using an external hard drive that’s physically connected to your device and that doesn’t require a password is little better than having no backup at all.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s