A new ransomware attack has hit many targets in Europe and Russia, and could soon make its way to the United States. The attack is a customized version of the WannaCry virus that hit a few months ago, when hundreds of thousands of users were locked down and their data was held for ransom until the victim paid in bitcoin. The spread of this new virus tells us again that many people are still not protecting themselves properly and are still making the same mistakes when using their computers.
The first aspect of attacks like these is how the virus gets onto your computer. In both cases the initial infection comes from a hacked website. This would be easier to combat if the infected sites were obviously suspect ones that a user should not have been visiting on an office computer in the first place. Unfortunately, some of the known infected sites were city municipality and services sites.
When the unsuspecting user visits the hacked website, they are prompted to install an important update to their computer. In this case it was a request to install a Flash update. Messages like this that come out of the blue should be ignored. I would even suggest that you ignore all pop-ups and update prompts that come from visiting a webpage. There has never been any harm that came from being too vigilant when browsing websites. Let me repeat: Definitely ignore all Flash update requests! For some reason this is used most commonly for the introduction of the ransomware program.
Once the program has been installed, it immediately goes to work encrypting your local computer. When it finishes there, it tries to access other computers on the network using what have now been determined to be some of the NSA hacking tools that were released into the wild earlier this year. These tools are known to be good at gaining access to systems that have not been patched against them and whose users rely on less than secure communication methods and bad password configurations.
Sometimes paying the ransom is indeed the best and cheapest option, but there are things you can do to help avoid being faced with this option in the first place.
First, you should have a good backup program that you are testing on a regular basis. Too many times our IT Team has come across a situation where someone has set up an automatic backup a while back, but never checked to see if it was still running. We’ve found cases where the backup hadn’t been running for months. This greatly reduces your chances of recovering in the event of a ransomware attack or in the event that you need to recover data that has been lost due to normal user error.
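One way to automate the regular test described above, as an added example that is not part of the original article: it flags a backup that has stopped running and performs a small restore test. It assumes the backup job copies plain files into a folder and includes a small canary file whose content never changes; `check_backup`, `canary.txt` and the 26-hour limit are hypothetical choices, and the folder used in `demo()` is constructed sample data.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def check_backup(backup_root, canary_name, canary_sha256, max_age_hours=26, now=None):
    """Return a list of problems; an empty list means the backup looks healthy."""
    now = time.time() if now is None else now
    copies = [p for p in Path(backup_root).rglob(canary_name) if p.is_file()]
    if not copies:
        return [f"no copy of {canary_name} found in the backup"]
    latest = max(copies, key=lambda p: p.stat().st_mtime)
    problems = []
    age_hours = (now - latest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:  # the job has silently stopped running
        problems.append(f"newest backup is {age_hours:.0f} hours old")
    # Restore test: copy the file out of the backup and verify its content.
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(shutil.copy2(latest, scratch))
        if hashlib.sha256(restored.read_bytes()).hexdigest() != canary_sha256:
            problems.append("restored canary does not match its known-good hash")
    return problems


def demo():
    """Run the check against a constructed backup folder (sample data only)."""
    content = b"canary file, never edited\n"
    good_hash = hashlib.sha256(content).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        canary = Path(root, "run-001", "canary.txt")
        canary.parent.mkdir()
        canary.write_bytes(content)
        fresh = check_backup(root, "canary.txt", good_hash)
        # Pretend three months have passed since the last run.
        stale = check_backup(root, "canary.txt", good_hash, now=time.time() + 90 * 86400)
        canary.write_bytes(b"\x00unreadable bytes")  # simulated damaged copy
        damaged = check_backup(root, "canary.txt", good_hash)
        missing = check_backup(root, "absent.txt", good_hash)
    return fresh, stale, damaged, missing


if __name__ == "__main__":
    for label, result in zip(("fresh", "stale", "damaged", "missing"), demo()):
        print(f"{label}: {result or 'OK'}")
```

Run it from a scheduled task and raise an alert whenever the returned list is not empty.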
Your password strategy should no longer be ignored. Many people neglect using complex passwords because they can be difficult to remember. If you must go with a simple password, utilize multiple unrelated words.
Consider this password: “Orange fidget phone sanitizer.” This is a relatively easy password to remember but really hard for a computer to guess. While the words themselves are simple, pairing them together at random pretty much guarantees that the password guesser isn’t going to figure out each word before you change your password again. Take a look at our article about LastPass for more information on password management.
Our final recommendation, as always, is to install critical security updates for your operating system and office productivity applications. Ensure that you have a good antivirus package installed and that you have its full protection enabled. You can still get a virus infection on your computer even if you follow all of our recommendations, but you are far less likely to if you are careful and vigilant.
If you would like help with an active infection or help preventing a future infection, contact our IT department.