A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide.
Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.
The cybercriminals have generally targeted hospitals, academic institutions, blue-chip companies and businesses like movie theater chains. The attacks highlight the challenges that organizations face with consistently applying security safeguards on a large scale.
“Not only individuals, but even governments and big companies with so much to lose fail to secure their systems and train their employees about necessary security practices,” said Marty P. Kamden, a marketing executive for the private network service provider NordVPN. “Cautious online behavior would probably have prevented the malware from infecting the network in the first place.
What can businesses and individuals do to protect themselves from ransomware? Here are some tips from security experts.
Update your software
Security experts believe the malware that spurred this global attack, called WannaCry, may have initially infected machines by getting people to download it through email. After that, the malicious code was able to easily travel to a broader network of computers that were linked together through the Windows file-sharing system. (Users of Macs or other non-Windows computers were not affected.)
The most disheartening revelation from the cyberattack was that there was a fix available for the ransomware before the attack. Microsoft, which makes Windows, released a patch for the WannaCry vulnerability eight weeks ago, said Chris Wysopal, the chief technology officer of Veracode, an application security company.
In other words, if people had simply stayed on top of security updates, their machines would not have been infected. “People kind of got complacent and not vigilant about updating their machines,” Mr. Wysopal said.
Consumers can remedy this by configuring their Windows machines to automatically install the latest software updates.
Even though WannaCry specifically targeted Windows machines, that does not mean Mac or Linux users are off the hook in the future. Other breeds of malware may infect various operating systems, so no matter which device you are using, you should regularly update your software to install the latest security enhancements.
Install antivirus software
In addition to keeping Windows up-to-date with the latest security enhancements, antivirus software can prevent malware from infecting your computer. Mr. Kamden of NordVPN said 30 percent of popular antivirus systems were capable of detecting and neutralizing the ransomware.
Of course, with antivirus software, the same principle applies: Make sure to keep the antivirus app up-to-date, too, so it blocks the latest emerging malware. Also, download antivirus apps only from reputable vendors like Kaspersky Lab, Bitdefender or Malwarebytes, Mr. Kamden said.
Be wary of suspicious emails and pop-ups
Security experts believe WannaCry may have initially infected machines via email attachments. The lesson: Avoid clicking links inside dubious emails, Mr. Kamden said.
How do you spot a fishy email? Look carefully at the email address of the sender to see if it is coming from a legitimate address. Also, look for obvious typos and grammatical errors in the body. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password or social security number.
In addition, ransomware developers often use pop-up windows that advertise software products that remove malware. Do not click on anything through these pop-ups, then safely close the windows.
Create backups of your data
In the event that a hacker successfully hijacks your computer, you could rescue yourself with a backup of your data stored somewhere, like on a physical hard drive. That way, if a hacker locked down your computer, you could simply erase all the data from the machine and restore it from the backup.
In general, you should be creating a copy of your data in the first place, in case your computer fails or is lost. To be extra safe from hackers, after backing up your data onto an external drive, unplug the drive from the computer and put it away.
Create a security plan for your business
For larger businesses with hundreds or thousands of employees, applying security updates organizationwide can be difficult. If one employee’s machine lacks the latest security software, it can infect other machines across the company network.
Mr. Wysopal said businesses could learn from how WannaCry spread through the Windows file-sharing system by developing a strict schedule for when computers companywide should automatically install the latest software updates. Businesses should determine the best time to apply these security updates to office computers without interrupting productivity, he added.
Information technology professionals should also regularly educate and test employees on spotting suspicious emails, said Matt Ahrens, vice president of Crypsis, a cybersecurity firm.
What to do if already infected
If you are already a victim of ransomware, the first thing to do is disconnect your computer from the internet so it does not infect other machines. Then report the crime to law enforcement and seek help from a technology professional who specializes in data recovery to see what your options might be. If there are none, don’t lose hope: There may be new security tools to unlock your files in the future.
In some extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, Mr. Wysopal said. But he added that with WannaCry, people definitely should not pay the ransom. That’s because the hackers are apparently overloaded with requests from victims asking for their data to be released — and many who have paid the ransom are not hearing back. By BRIAN X. CHEN
Contact us for help if you suspect your are infected.
There are more reasons than ever to understand how to protect your personal information.
Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer.
And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.
In a recent Medium post, Quincy Larson, the founder of Free Code Camp, an open-source community for learning to code, detailed the reasons it might be useful for people to make their personal data more difficult for attackers to obtain.
“When I use the term ‘attacker’ I mean anyone trying to access your data whom you haven’t given express permission to,” he wrote, “whether it’s a hacker, a corporation or even a government.”
In an interview, Mr. Larson walked us through some of the basic steps he recommended. We added a few of our own, based on additional interviews.
Now, let’s encrypt.
1. Download Signal, or Start Using WhatsApp to send text messages.
Encryption is a fancy computer-person word for scrambling your data so no one can understand what it says without a key. But encrypting is more complex than just switching a couple of letters around.
Mr. Larson said that by some estimates, with the default encryption scheme that Apple uses, “you’d have to have a supercomputer crunching day and night for years to be able to unlock a single computer.”
He said the best way to destroy data was not to delete it, because it could potentially be resurrected from a hard drive, but to encode it in “a secure form of cryptography.”
Signal is one of the most popular apps for those who want to protect their text messages. It is free and extremely easy to use. And unlike Apple’s iMessage, which is also encrypted, the code it uses to operate is open source.
“You can be sure by looking at the code that they’re not doing anything weird with your data,” Mr. Larson said.
“In general, the idea behind the app is to make privacy and communication as simple as possible,” said Moxie Marlinspike, the founder of Open Whisper Systems, the organization that developed Signal.
That means that the app allows you to use emojis, send pictures and enter group texts.
One bit of friction: You do have to persuade your friends to join the service, too, if you want to text them. The app makes that easy to do.
WhatsApp, the popular chat tool, uses Signal’s software to encrypt its messaging. And in Facebook Messenger and Google’s texting app Allo, you can turn on an option that encrypts your messages.
Mr. Marlinspike said the presidential election had spurred a lot of interest in Signal, leading to a “substantial increase in users.”
When asked to speculate why that was, Mr. Marlinspike simply said, “Donald Trump is about to be in control of the most powerful, invasive and least accountable surveillance apparatus in the world.”
Signal is available for both Android and iOS.
2. Protect your computer’s hard drive with FileVault or BitLocker.
Your phone may be the device that lives in your pocket, but Mr. Larson described the computer as the real gold mine for personal information.
Even if your data were password protected, someone who gained access to your computer “would have access to all your files if they were unencrypted.”
Luckily, both Apple and Windows offer means of automatic encryption that simply need to be turned on.
3. The way you handle your passwords is probably wrong and bad.
You know this by now. Changing your passwords frequently is one of the simplest things you can do to protect yourself from digital invasion.
By JONAH ENGEL BROMWICH
Please contact us for more information.
How do I know if my computer updated itself to the new Creators version of Windows 10 that just came out?
Windows 10 Creators Update is also known as Version 1703. You can check in the About section of the System settings to see if you have it. CreditThe New York TimesA. Microsoft’s recently released Creators Update for Windows 10 is also known as Version 1703. You can see what version number is currently running on your PC by pressing the Windows and I keys to open the Settings app (or choosing the Settings app from the Start menu) and selecting the System icon.
At the bottom of the list on the left side of the System Settings box, choose About. Here, you can see the edition of Windows 10 installed on the computer (like Windows 10 Home or Windows 10 Pro), along with the version number and other technical information. If you see 1703 listed as the version number, your computer has updated itself to the Creators Update.
Last month’s upgrade to Windows 10 was Microsoft’s most recent revision of its Windows 10 operating system, arriving less than a year after the Anniversary Update (Version 1607) in August 2016. The Creators Update includes several new features like a 3-D revamp of the Paint program. Another way to see if you have the latest version of Windows 10 is to check your Apps list for the new Paint 3D program. The Creators Update also brings improvements to the Microsoft Edge browser and enhancements designed for video game players.However, as with any major system update, bugs are bound to surface. On Microsoft’s own online forums, some users have reported problems with Bluetooth and internet connectivity, computer-memory issues, Dolby sound failures, crashing apps and other woes. System patches and workarounds will hopefully fix these issues in the near future.
If your computer has already updated itself to the new version, you may want to explore the Settings app a bit more to make sure you have the new operating system configured the way you want it. For example, open the Privacy icon on the main Settings screen to confirm the amount of personal data you want to share with Microsoft.
By J. D. BIERSDORFER