As the clock draws closer to midnight, a sense of relief fills your body as you put the finishing touches on the filing due in just a matter of minutes. Suddenly a screen appears claiming to have encrypted hundreds of file types on your computer and demands a $300 bitcoin ransom to recover these files. The message threatens that the fee will double after three days and that files will be deleted if the ransom is not paid within seven days. Frantic attempts to close this window are useless and, in a panic, you attempt to reopen the Word document you are about to file, to no avail. After many long hours of tireless effort, your document has been compromised just moments before it must be filed and all you wanna do is cry. You’ve been hit with WannaCry ransomware.
If this name sounds familiar, you may remember the flood of news reports that emerged on May 12 surrounding an attack that crippled many computers and networks worldwide, including Britain’s National Health Service. Since that time, it has impacted hundreds of thousands of computers across the world. Computers connected to networks are particularly vulnerable because the ransomware can quickly infiltrate files stored on shared network drives and, in turn, intrude on other computers connected to the network.
Who is at risk?
This strain of ransomware specifically targets computers with a Windows Operating System without recent updates applied. While individual computers can be impacted, those with computers on networks should be on high alert as this strain will attack network files, thus spreading to other computers connected to the network.
Nonetheless, it is important to remember that computers with a Mac Operating System are still at risk for other forms of malware and therefore the precautions listed below should still be heeded. In fact, per McAfee, instances of Mac OS malware grew 744 percent in 2016.
How to protect yourself
While there is no way to completely prevent malware attacks, this strain is a great example of why it is important to ensure your computer is always kept updated. These updates include things such as patches and fixes to the computer’s operating system, security software updates, and anti-virus definition updates as they become available.
As a general practice, always be extremely cautious when opening email attachments or clicking on links, especially those that you are not expecting or attachments that request you to enable macros. If you are unsure of a link's or attachment's legitimacy, it is best to contact the sender by phone to find out if they sent it before clicking on it. This is important because sometimes the sender’s email account has been compromised and an actual hacker, not an automated bot, will answer the emails.
Similarly, be wary of visiting unknown sites or those not operated by a well-known, respectable source. Do not download and install items from websites that are not operated by a known or reputable entity. If you are uncertain, it is always best to ask your IT department or consultant if possible. Otherwise, be sure to conduct appropriate due diligence by performing a Google search regarding the website and its download(s).
Finally, ensure your files are backed up consistently and that the backups are stored offline or in a different location (including the cloud) to eliminate any risk of infection to the backups. With solid backup files available, the leverage an attacker has is greatly diminished.
What are my options if I get hit with the WannaCry ransomware?
First and foremost, if you have an IT department or IT consultant, contact them immediately so that they can take appropriate measures to reduce the potential of it spreading across the network.
The FBI, Department of Justice, and other experts caution against paying the ransom for multiple reasons. First, the code makes it difficult for the attackers to determine which computer paid the ransom, and therefore the files will likely not be decrypted despite the messaging on the screen. Second, the hackers are counting on people paying the ransom; the higher the rate of payment, the more incentive to continue similar attacks against the same target.
Your IT department may be able to help you obtain and implement possible solutions, such as:
Some third-party tools can decrypt the files if the computer has not been restarted since compromised.
Other tools simply “undelete” the files, although files originally saved to the “Desktop,” “My Documents,” a flash drive or an external hard drive are typically unable to be recovered utilizing this type of tool.
Finally, if backups are available, your IT department can help you wipe your computer and restore the files. It is important to remember that most backups only run once per day and therefore may not be inclusive of all changes made during that specific day.
With so many threats of harm, it is imperative to proactively protect yourself with appropriate security measures to maintain the overall security of your computer, including well-maintained backups to prevent a complete loss of valuable information.
Deanna Marquez is a co-owner of the Indianapolis-based legal technology company, Modern Information Solutions LLC. Areas of service include traditional and managed IT services, software training and litigation support including trial presentation services. The opinions expressed are those of the author.