On the 12th of May, news broke across the world of a major ransomware attack affecting thousands of computers and servers across the globe. Dubbed ‘WannaCry’, the attack utilised a known exploit in Microsoft Windows to take control of a computer and encrypt all its data, requiring individuals and organisations to pay a US$300 ransom fee (approximately 406 Australian dollars) to regain access to their documents and data.
WannaCry was unlike any other ransomware attack. Instead of just relying on users to click on fraudulent emails, it scanned for open security holes across the internet. By gaining access to one computer exposed to the internet, the malware was then able to compromise others within its local network. As a result, over 100,000 organisations in at least 150 countries were affected, most notably the National Health Service in the UK. (Source)
How do I prevent this from happening to me?
The severity of this attack is largely due to delays in keeping systems up to date with security patches. Microsoft had issued security updates for all versions of Windows affected by the exploit to prevent it from becoming a problem, but many organisations had not yet deployed them to their networks.
So, the first step in ensuring that you are protected is to install any available software and security updates as soon as they are made available. I often get questions from friends asking whether to apply an update their phone automatically downloaded – the answer is always YES. Apart from distributing enhanced functionality, updates often provide fixes to bugs within the operating system, and more importantly, deliver security patches to protect you and your data from attackers.
Backups are also crucial when something goes wrong. Even if your device was compromised, a backup would easily provide you with the ability to restore the device to normal operation within a short space of time. Cloud-based services, such as iCloud, Google Drive and Microsoft OneDrive, provide you with easy solutions to back your data up, secured and only accessible by using your own account.
Finally, always use your common sense when using the internet. If you see something that catches your eye, ask yourself – is this realistic? You’re more than likely to be disappointed. Check out our previous blog post on watching out for fake emails for more on this issue.