The online extortion attack this weekend reinforces the need for companies and other large organizations to update their operating systems and security software, cyber security experts said. The attack has largely infected networks that use obsolete software, such as Windows XP, for which Microsoft no longer offers technical support. “There is some truth in the idea that people will always kidnap,” said Dan Wire, a spokesman for security firm FireEye. “You need to keep your systems up to date.”
The attack that authorities described as sweeping 150 countries this weekend is part of a growing problem of “ransomware” scams, where people are trapped in their files and presented with a request to pay hackers to restore your access. Hackers call on users to click on infected e-mail links, open infected attachments, or exploit obsolete and vulnerable systems. The virus this weekend was particularly virulent because it could spread to all other computers on a network, even if only one user clicked on an incorrect link or attachment. Lawrence Abrams, a New York-based blogger and manager at BleepingComputer.com, says many companies do not install security updates because they are afraid of triggering bugs or can not afford downtime.
Make secure backups
Once your files are encrypted, your options are limited. The recovery of the backups is one of them. “Unfortunately, most people do not have them,” says Abrams. Backups are often obsolete and contain critical information missing. With this attack, Abrams recommends trying to recover the “ghost volumes” of some versions of Windows. Some ransomware also sometimes addresses the backup files.
You must perform multiple backups, for cloud services and the use of physical disk drives, at regular and frequent intervals. It is a good idea to back up your files to a drive that remains completely disconnected from your network.
Update and fix your systems
The last ransomware was a success due to a confluence of factors. These include a known and very dangerous security hole in Microsoft Windows, late users who have not applied Microsoft’s March software patch and malware designed to quickly spread once in academia, business and government. The software update will take care of some vulnerabilities.
“I hope people are learning how important it is to implement these patches,” said Darien Huss, senior security research engineer at Proofpoint, a cyber security company that helped stop the attack last weekend. “I hope that if another attack occurs, the damage will be much less.”
The virus targeted computers with Windows XP, as well as Windows 7 and 8, which Microsoft stopped repairing years ago. However, in an unusual step, they published a patch for these old systems due to the magnitude of the epidemic.
“There are a lot of old Windows products that are at the end of their lives and no one has bothered to put them out of service,” said Cynthia Larose, computer security expert at law firm Mints Levin.
Using antivirus software
The use of antivirus software will protect you from at least the most basic and known viruses when scanning your system against the known fingerprints of these parasites. Low-level offenders take advantage of less experienced users with these known viruses, even though malware is constantly changing and the antivirus is often days after it is detected.
Educate your workforce
A basic protocol such as stress that workers do not have to click suspicious links or open suspicious attachments can avoid headaches. System administrators must ensure that employees do not have unnecessary access to parts of the network that are not essential to their work. This helps limit the spread of ransomware if hackers enter your system.
If they hit you, do not wait and see
Some companies turn off computers as a precaution. Stopping a network can prevent more encryption and possible loss of more files. Hackers sometimes encourage you to keep your computer on and connected to the network, but make no mistake.