Cybersecurity is back in the news this week.
The WannaCry ransomware, or crypto-virus, has infected many computers around the world. It has highlighted that the threat of scams, viruses, trojans, worms and ransomware is very real, and that you need to be forever vigilant to keep your systems and your data safe.
In this article I want to remind everyone of some easy and simple ways to keep yourself safe.
The story of the WannaCry ransomware is interesting as it starts with an exploit found when NSA hacking tools were leaked earlier this year. After the exploit was identified, Microsoft quickly patched it in all supported versions of Windows back in March 2017.
So all the computers running supported versions of Windows and kept up to date by Windows Update were safe even before the ransomware was released into the wild. The problem is the consumers and companies that are still running old versions of Windows, especially Windows XP, as well as the companies and users that stop Windows Update from keeping their systems secure.
Enter the WannaCry ransomware, which spread like wildfire amongst unprotected machines, encrypting their data and documents and demanding a payment to recover the files, with added time pressure: the ransom increases over time and the files are threatened with permanent deletion.
The damage from the virus has now been slowed thanks to a security researcher, MalwareTech (@MalwareTechBlog), who identified that the virus called out to a specific internet domain. The domain was not registered, so he registered it and realised that the virus stopped activating if the domain was found. It still spreads, but does not encrypt the infected machine's data. By accident, he stopped a global cyber attack (see How to Accidentally Stop a Global Cyber Attacks). Also, in an unprecedented move, Microsoft released Windows Updates for unsupported operating systems to fix the issue in Windows XP and Windows Server 2003.
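Because an infected machine still looks up that domain and still spreads, those lookups point to machines that need cleaning and patching. The sketch below is an added example, not part of the original article: it scans DNS query logs for the lookup, and the domain name, the log format and the sample lines are placeholders and assumptions, since the article does not give them.

```python
from collections import defaultdict

# Placeholder: the article does not give the real domain name.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in an assumed format: time client_ip query_name rcode
SAMPLE_LOG = """\
2017-05-15T09:00:01Z 10.0.0.21 www.example.org. NOERROR
2017-05-15T09:00:04Z 10.0.0.37 killswitch-placeholder.example. NOERROR
2017-05-15T09:02:10Z 10.0.0.52 KillSwitch-Placeholder.example NXDOMAIN
2017-05-15T09:02:11Z 10.0.0.37 killswitch-placeholder.example. NOERROR
malformed line
2017-05-15T09:03:00Z 10.0.0.60 notkillswitch-placeholder.example. NOERROR
"""

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: summary} for hosts that looked up the domain."""
    target = normalise(domain)
    hosts = defaultdict(lambda: {"count": 0, "first_seen": None, "resolved": True})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        when, client, qname, rcode = fields
        if normalise(qname) != target:
            continue  # exact match only, so look-alike names are ignored
        entry = hosts[client]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or when
        # Any failed lookup means the domain was not found for that host.
        if rcode != "NOERROR":
            entry["resolved"] = False
    return dict(hosts)

def triage(hosts):
    """Order hosts with failed lookups first (the domain was not found there)."""
    return sorted(hosts, key=lambda ip: (hosts[ip]["resolved"], ip))

if __name__ == "__main__":
    found = find_kill_switch_lookups(SAMPLE_LOG)
    for ip in triage(found):
        print(ip, found[ip])
```

Hosts whose lookup failed are listed first because, as described above, the ransomware only stops activating when the domain is found.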
For a complete rundown, please have a read of the great blog article by Troy Hunt MVP. You might know of Troy from his great Have I Been Pwned site (see PSA: ';--have i been pwned).
Now that you have some background on the issue, what can you do to stay safe? This is advice for companies as well as individuals:
Just a side note, it is not always malicious software that is a problem. Last week I received a Facebook friend request… from someone who was already a friend. Looking at the profile, it had a profile picture but no more information, no other pictures, postings or history. I contacted this friend via phone and she said it was not her. This was a scammer spoofing my friend in an attempt to fool her friends. My friend's account had not been hacked, her password was not cracked, her account was locked down to friends only. The scammer was still able to fool a number of people, until we reported the account and got it shut down. We posted on the real account to explain what was happening and warn friends and we changed the Facebook password as a precaution.
For more information see:
Keep safe. There are a lot of a#%@holes out there.
15-May-2017: Added link to Microsoft article brought to my notice by Beat Bucher, as well as other related articles.
16-May-2017: Updated details to describe how registering the domain name stops the ransomware from activating, but does not stop it spreading. Added more links from Microsoft.
This article was originally posted on http://www.winthropdc.com/blog.