Though longer than my usual posts, this is just a quick overview of the ransomware situation as it currently stands in our neck of the woods. The good news is customers probably have nothing to worry about but you should take steps to make sure that remains the case. Only you can make certain — Steve Ritchie
You’ll probably recall hearing about the WannaCry ransomware virus back in May. It affected more than 230,000 computers in 150 countries. In late June a second ransomware attack, ‘Petya,’ made its nefarious debut, shutting down companies in Europe, The US and affecting computers Downunder in Australia and New Zealand as well.
Once installed, ransomware typically encrypts most of your files (documents, photos, music etc) so you can’t open them. It leaves one file working, of course – the one that tells you how to pay the ransom and regain access to your files. It will also attempt to copy itself onto every computer you are connected to (your network) and will attempt to send itself out to others from your computer as an email attachment.
Ransomware has become a rising trend among hackers. It’s most commonly aimed at corporations but individuals can also become victims. That’s because viruses go ‘viral’, sending themselves out willy-nilly, so everyone is a potential target.
The most common way of becoming infected with ransomware is by downloading an email attachment or by clicking a link that goes to a malicious site. Once that happens the virus downloads and installs itself on your system. Getting emails like this is what’s known as ‘phishing’.
Ransomware viruses are particularly good at arriving in emails that appear to be from someone you know, e.g. from your boss sending you work and asking you to click a link or download a file. When a phishing email masquerades like this by, copying details such as names it has found elsewhere on your system, it is known as a spear-phishing attack.
These latest ransomware viruses work by exploiting a well-known vulnerability in the Windows operating system known as Eternalblue. Using that weakness, ransomware can open a backdoor into your computer or shut down your security features and anti-virus features.
Eternalblue was patched long ago by Windows so if you’ve got your machine set to download Windows updates you should be fine (and your system will have been set to do so by default). Those currently being caught out seem not have the latest version of Windows for whatever reason. No doubt they’ll address that oversight in future.
Some quick advice:
Backup your files: The greatest damage people suffer from a ransomware attack is the loss of files that can be important for business or personal reasons. The best protection is to backup all your information and files to a completely separate system such as an external hard drive that isn’t connected to the internet.
Be suspicious of emails, websites and programs: Always exercise caution when opening unsolicited emails or visiting unfamiliar websites. Never download something that hasn’t been verified by an official store, and Google some reviews before installing programs. Never click attachments to emails unless you are completely certain about what you are clicking.
Use an antivirus program: Antivirus programs can stop ransomware from being downloaded onto computers and can find it when it has been. Most antivirus programs will scan files to see if they might contain ransomware before downloading them. It may be worth going beyond the free versions of antivirus programs to be sure you’re getting the best protection.
Always install updates: If you use Windows, make sure it is set to download and install updates. You can check this at something like: Start button/Settings/Update & security/Windows Update/Advanced options.
Never pay the ransom: You should never pay the ransomware fee as it only encourages attackers and you really have no guarantee your files will be recovered. There are some programs that can help decrypt files. Or, if you have a backup, you can restore your device from that.
There’s a good overview of the global ransomware situation at the Guardian.
Stuff has some good New Zealand-based coverage.
Steve Ritchie, Managing Director, DTS Ltd