It was just over a year ago when I posted the .locky article on my website describing the ransomware scam I was beginning to see a lot of, and I said at the time we’d be seeing more of this kind of thing.
Well, on Friday a much more virulent variant was back, and this time it had hooked up with a very effective new method of propagating itself from one computer to another within a network without the computer user having to do anything to let it in. The ‘WannaCry’ ransomware scam hit tens of thousands, maybe hundreds of thousands, of computers around the world. One of the more visible victims in the U.K. was our NHS.
All that has to happen is that one computer user anywhere in an organisation like the NHS clicks on the wrong link or opens the wrong email attachment and BANG – the ransomware is downloaded to that computer. Once the rogue software has established itself on one computer it will set about encrypting all that user’s files. That may be bad enough, but the thing that makes this variant very different and a whole lot worse this time around is that it will also attempt to find other computers on the network that it can encrypt as well. It looks for any computers on the network that haven’t been patched with a specific update which Microsoft released in March (known as MS17-010). In many large organisations, where there are often a large number of unpatched computers, it can spread to dozens or even hundreds of other computers throughout the organisation in minutes. This is what happened in so many NHS trusts in such a short space of time.
So what are we supposed to do to protect ourselves? We were advised on the news channels several times to be ‘very careful’ when we switch on our computers on Monday morning! Really?
How exactly do you switch on a computer ‘carefully’?
Unfortunately, the more useful, practical steps to be taken are still a bit vague and generic but because these threats change from day to day and variant to variant, it is actually very difficult for anyone to be more precise. By the time we might have identified the subject line of the phishing email people should be instructed to look out for, this incident is over and we’re on to the next one. So, generic advice is often all we can give.
However, let’s re-iterate the rules anyway. Here are my 10 best aids to help keep you safe.
- Ensure your email server is effectively filtering out obvious spam and obvious scams before they even get to your inbox.
- Ensure your email client software (usually Outlook) is effectively filtering out ‘Junk email’.
- If you do open an email, make sure you either know who sent it or you were expecting it and that it looks and feels genuine. Many scam emails look suspicious when you look at them closely – bad grammar – bad spelling – unprofessional looking? Put your mouse over hyperlinks and the ‘from’ address and try to determine if they are genuine.
- Never have Word or Excel macros enabled by default and if you are asked to enable macros when you open an attachment – don’t.
- You should be able to determine the filetype of any attachment. Avoid running anything that is ‘executable’.
- If you get warning messages saying you are about to download or run an executable program or script – do you really want to do this? Reply No.
- If your antivirus software flags a file you are opening as potentially dangerous, do not override it and open the file anyway. Cancel whatever action you were taking and allow the antivirus software to quarantine the file.
- Browse the Internet with your eyes open. Inspect links before you click. If warning messages come up – pay attention to them. Read them carefully. Never allow any executable code to download and run unless you know exactly what you’re doing.
- Ensure your computer is always up to date with Microsoft updates. Microsoft release updates every week and most of these updates are fixing security issues. You are seriously vulnerable without them. Take the time to run the updates and restart your computer.
- Finally (and really most importantly), take regular backups of all your important files. (Probably best to back up whole disks for disaster recovery reasons.) If your computer is encrypted by ransomware this may be the ONLY way to recover your stuff. Keep at least one backup offline and disconnected from your computer or network. You don’t want that to get encrypted too!
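
For anyone who filters mail on behalf of other users, the two attachment rules above (macros and ‘executable’ file types) can be checked from the file’s name and its first few bytes rather than by eye. The Python below is an added example, not part of the original article; the function names, the extension lists and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".hta", ".lnk"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def triage_attachment(filename, data):
    """Return the reasons an attachment deserves suspicion (empty list = none found)."""
    reasons = []
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXTS:
        reasons.append(f"executable or script extension {ext}")
    # "invoice.pdf.exe" is displayed as "invoice.pdf" when Windows hides known extensions.
    if len(parts) == 3 and ext in RISKY_EXTS and 2 <= len(parts[1]) <= 4:
        reasons.append("double extension hides the real file type")
    if data[:2] == b"MZ":
        reasons.append("content is a Windows executable (MZ header)")
        if ext not in RISKY_EXTS:
            reasons.append("extension does not match executable content")
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled Office extension")
    if data[:8] == OLE2_MAGIC:
        reasons.append("legacy Office container, may carry macros")
    if data[:4] == b"PK\x03\x04":  # modern Office files are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("Office document contains a VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("zip header but unreadable archive")
    return reasons

def constructed_docx(with_macro):
    """Build a tiny constructed stand-in for a .docx, optionally with a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("invoice.pdf.exe", b"MZ\x90\x00"), ("holiday.jpg", b"MZ\x90\x00"),
                       ("report.docx", constructed_docx(True))]:
        print(name, "->", triage_attachment(name, data))
```

A file that returns an empty list has only passed these few checks; it is not proof the attachment is safe.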