WannaCry, the ransomware attack spreading across the globe since Friday, was slowed down on Saturday thanks to a “kill switch,” but experts expect a new wave of infections to hit Monday as the new work week begins.
The ransomware attack has claimed 200,000 victims so far in 150 countries. WannaCry targets Microsoft Corp.’s Windows computers, mostly at businesses and government organizations, and has so far affected everything from hospitals in the U.K. to FedEx Corp. in the U.S. to gas station cards in China.
As the hackers continue to tweak their code to elude any makeshift defenses the number of victims could rise substantially. To ensure you are protected from any new versions of WannaCry or future ransomware attacks, make sure you follow the below steps:
What to do if your computer is infected
If you see the above screen, you are a victim of WannaCry. The hackers are requesting a ransom of between $300 and $600, paid via bitcoin, to release your files. If you don’t pay within a specific time period, the ransom will increase and after a week your files will be deleted.
Paying the ransom could get your files released, but there is no guarantee that this will happen or that the hackers won’t target you again or request an additional ransom. The National Crime Agency encourages victims not to pay any ransom. The best solution is to restore all your files from a backup, which you have hopefully been doing regularly in the past.
If governments and law enforcement agencies are able to seize control of the “command and control” servers, the encryption keys could be released to all infected networks. Alternatively, the hackers behind WannaCry could also hand over the encryption keys.
How to stay safe
Update your operating system
To ensure you remain protected ensure your operating system is updated to the latest version. You can enable auto-updates or always approve the latest updates to ensure you are running the most up-to-date and secure version.
In March, Microsoft released a security patch for Windows 10 and Windows 7 users that addresses the vulnerability that WannaCry is exploiting. If you patched your Windows machine in March then you will be safe from WannaCry.
For users who failed to patch their machines, or users running older versions of the Windows OS then you are at risk. In an unprecedented move, Microsoft released a patch Friday for Windows XP, Windows Server 2003 and Windows 8, OSes that the company no longer offers mainstream support for.
You can download the patch from Microsoft’s blog post. The company also released an update for its antivirus software, Windows Defender, which will detect the ransomware as Ransom:Win32/WannaCrypt.
Be wary of unsolicited emails
WannaCry was initially detected spreading through email attachments in phishing campaigns. According to Cisco System Inc.’s Talos security group, in some cases, the emails pretended to represent a bank alert about a money transfer.
As always, but especially now, users should be careful about such emails from unknown sources asking you to download an attachment or click on a link.
WannaCry will scan for unpatched machines that have the Server Message Block vulnerability exposed. Once the PC is infected, the machine will attempt to infect other machines over the local network as well as over the internet.
Back up your data
To prevent being held ransom it is important that you constantly make a secure backup of your important files. The best solution will be to back up your data to an external hard drive that is not connected to the internet.
Alternatively, use a cloud storage service, such as Google Drive, Apple iCloud or Microsoft OneCloud. Using a cloud-storage service doesn’t mean your data will be completely secure, as these companies could also be hacked, but they have better security than individuals and should be able to respond more quickly to an attack.
Use antivirus software
Make sure you have antivirus software from a reputable vendor installed on your machine. The antivirus will be able to scan files before they are downloaded, block secret installations and look for any malware already on your computer.
Lock down your login
The “Lock Down Your Login” campaign, an initiative led by the National Cyber Security Alliance provides additional details on how users can protect themselves from alternative versions of WannaCry or future ransomware attacks. In addition to keeping your software up-to-date, avoiding phishing attacks and more, Lock Down your Login also suggests using unique passwords and stronger authentication.
Use unique passwords: It is important that you use a unique password for each account and don’t reuse passwords. Select passwords that are at least 12 characters long with a mix of letters, numbers and special characters. To manage multiple, complex passwords the best solution is to use a password manager that only requires you to remember one master password.
Strong authentication: Also referred to as 2-step verification, multi- or two-factor authentication, or login approval, it provides an extra layer of security beyond your username and password. Additional security options include security keys, biometrics (fingerprint or facial recognition), or a one-time code sent to your mobile device.