Ransomware attacks continue to occur and will become more prevalent in the future. They are more of a problem for businesses than for individuals, but that does not mean that ordinary people should be less vigilant. The latest attack, the “WannaCry” ransomware on Friday Sept. 15, 2016, had far-reaching effects. It appears that the code was retrieved from the last WikiLeaks breach of NSA files. The loss of the file was not reported and software producers had no time to prepare. The result was a ransomware attack that hacked computers in 150 countries around the world.
Users were warned years ago that Microsoft XP was deprecated and that there would be no support or updates. Some did not heed those warnings due to the cost of new hardware and/or proprietary software created to serve niche markets. Microsoft, however, issued an emergency patch to fix the breach on the affected systems. The latest “WannaCry” hack exploited the vulnerability in these operating systems, and users who did not have automatic updates turned on or had not updated their software placed many in peril. The hack shut down hospitals, universities, warehouses and banks. Health care facilities in Britain were severely impacted and had to cancel day surgeries as their systems were locked up.
A computer researcher found a kill switch in the hack code, which was used to neutralize the hack. Today there have been no new attacks, but everyone is now on heightened alert for the next attack, particularly because the hack was re-issued without the kill switch.
One difference in this hack is that, while other hacks required the user to click on some link or attachment, this one did not require any user intervention. It exploited settings in the OS and required no user activation. The damage appears to be more expensive than the cost of hardware or software repair.
The suggestion is that those attacked not pay the ransom because there is no guarantee that the file will be released after payment is made. Giving in also empowers the hackers to continue their attack on others. What can be done to prevent this threat?
The suggestion is that the infected machines be reformatted and the backup files restored to avoid residual contamination.
- Performing daily cloud or manual backups.
- Keeping your software updated.
- Compartmentalizing authentication systems and domains.
- Keeping up-to-date storage snapshots outside the main storage pool.
- Enforcing hard limits on who can access data and when access is permitted.
Have you been a victim of ransomware? How did you deal with the problem? Please share with us; we would like to hear from you.