On May 12, hundreds of thousands of computer owners at home and at work – across 150 countries – woke to the unpleasant reality that their data was being held for ransom. Yikes.
Microsoft had released a patch for the appropriately named cryptoworm – WannaCry – but many didn’t install it. And those who were understandably still attached to the oldie-but-goodie Windows XP didn’t stand a chance, as Microsoft stopped releasing patches for it in 2014.
Few were surprised that the attack targeted Windows, since that ubiquitous OS is the favorite of most attackers. Windows dominates the market, so the more victims the merrier for the attack community. “Only Windows computers were affected by this attack,” Ruby Gonzalez, head of communications at NordVPN, told Design News. “Historically, Windows has been more prone to attack. Apples and Linux as not attacked as often.”
Getting Your Patch Updates Automatically
Most Windows users receive their patches through the IT department at work, or they subscribe to receiving the patches automatically from Microsoft. Restart the computer every few days, and most of us watch the newest patches load. But not everyone, apparently. “The main reason people are vulnerable to ransomware is they don’t update their patches,” said Gonzalez. “If the users – companies or individuals – updated back when the patch came out, this attack probably wouldn’t have happened.”
You may not remember it, but you were asked if you wanted to receive automatic updates from Windows when you opened your new computer. If you took on a used computer, you might have missed this step. “What most security experts recommend is setting up automatic updates, which install as soon as they’re available,” said Gonzalez.
Protecting the Corporate Network
With WannaCry, one bad apple was able to spoil the network. “Research shows that human factors affect malware,” said Gonzalez. “In this case, it was enough for one person on the network to open an email that was infected. Training employees is very important.”
One of the thorny issues for manufacturing and process plants is dealing with production facilities that run three shifts. If you’re operating 24/7, when are you going to restart so the patches take affect? “Most of the updates require restarting. That’s an issue for production facilities and large companies that need to run 24/7,” said Gonzalez. “For them, we recommend they work with a company or hire an expert who can schedule updates that don’t affect operations.”
NordVPN offers seven simple ways to protect yourself against ramsomware:
1. Don’t forget to install latest security updates. Security updates often contain patches for latest vulnerabilities, which hackers are looking to exploit.
2. Don’t open anything suspicious you receive through email. Delete dubious emails from your bank, ISP, or credit card company. Never click on any links or attachments in emails you’re not expecting. Never give your personal details if asked via email.
3. Back up all data. Back up your data in an alternate device and keep it unplugged and stored away. Backing up data regularly is the best way to protect yourself from ransomware because only unique information is valuable.
4. Use a VPN for additional safety. Using a VPN when browsing can protect you against malware that targets online access points. That’s especially relevant when using a public hotspot. However, keep in mind that a VPN cannot protect you from downloading malware. While a VPN encrypts your activity online, you should be careful when downloading and opening certain files or links.
5. Close pop-up windows safely. Ransomware developers often use pop-up windows that warn you of some kind of malware. Don’t click on the window - instead, close it with a keyboard command or by clicking on your taskbar.
6. Use strong passwords and a password manager. Perhaps the most basic requirement for any online account setup is using strong passwords, and choosing different passwords for different accounts. Weak passwords make it simple for hackers to break into an account. A strong password has a minimum of 12 characters, and includes a strong mix of letters, numbers and characters. It’s not easy to remember strong passwords for each site, so it’s recommended to use a password manager, such as truekey.com, LastPass and 1Password.
7. Use anti-virus programs. Make sure you have installed one of the latest reputable anti-virus programs to make sure you are fully protected.
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.
Image courtesy of NordVPN.