Authored by a Symantec employee
UPDATE: Reflects latest about recent ransomware attacks.
In recent weeks, reports emerged of a variant of ransomware known as “WannaCry” began infecting Windows computers, and was spotted in about 70 countries.
A well-known form of malware, ransomware ruthlessly holds a computer’s data for ransom via encryption. If the user doesn’t pay the cybercriminal a certain amount of money within a certain amount of time, their data will be lost forever.
In this particular case, WannaCry demands that users pay a $300 ransom in bitcoin. If the user does not pay within three days, the amount will be doubled. If payment is not made within a week, the files will be deleted.
Security researchers caught on to the threat quickly and have made attempts to curb its infection rate. Unfortunately, this malware not only spreads itself rapidly, it also evolves quickly to avoid any attempts at mitigation. According to Europol, in just the short time since it was first discovered, the outbreak has increased to more than 200,000 users in 150 countries.
This ransomware threat is still very active on the internet, and you should take immediate care in order to not become one of its victims. Be sure you are using and updating security software in order to stay protected from the latest discovered versions of this ransomware. Patches have already been released by Microsoft, including patches for previously unsupported operating systems (XP, 2K3, Windows 8).
Additionally, once you are sure your computer is clear of infection, perform a backup of your hard drive. After you have completed the backup, be sure you have unplugged your hard drive from the machine for safe storage.
As of 05/14, Symantec Security researchers have collected a large number of new samples and are currently trying to identify the new and emerging versions of this malware. Norton products cover a large number of these newly discovered samples, including Ransom.Wannacry.
The VERY first thing you should do is update your computer’s operating system. Patches are being released for this particular variant of malware.
For more long-term prevention of ransomware attacks, follow these ransomware tips for businesses and consumers:
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails, especially if they contain links and/or attachments.
- Be especially wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
Here are some other helpful things to keep in mind from Kevin Haley, director, Symantec Security Response.
Ransomware is an online form of the bully’s game of keep-away. Here, the bully gets on your computer and takes your personal files: documents, photos, financial information, all the things you care about. Those files are still on your computer, dangling in front of you, but they are encrypted now, useless to you. In order to get them unencrypted, you’ll need to pay the bully 300-500 dollars.
This is the fastest growing crime on the internet. It grew by 4500% in 2014, and shows no signs of stopping, it's just too profitable for the bullies. How do you stop the bullies? There are five things that will make a tremendous difference.
Five Simple Dos and Don’ts:
- Don’t pay the ransom. I can hear someone asking, “But won’t you get your files back if you pay the ransom?” Just like a bully who tires of the keep-away game, you likely will get your files back if you pay. But you may not. Sensing a sucker on the hook, you might get asked to pay again and again. But let’s say you’ve got an honest thief, one willing to unlock your files if you pay. Why would you ever give money to a crook? Especially one who will use the money to fund playing bully to a host of other people? It just doesn’t seem right to me.
- Don’t click on attachments in email. There are a lot of different gangs running ransomware scams, who use different ways to try and infect you. One of the most popular is using spam. The email could be saying there was a package for you that couldn’t be delivered. Or a cool screensaver that you should install. Whatever the con, the bad guys want you to click on an attachment to install the malware. Don’t do it. Just don’t click.
- Do keep software up to date. The bad guys know about weaknesses in the software on your PC before you do. And they try to use them to get on your machine. It's called exploiting a vulnerability. Patching removes the vulnerability. If you’re asked if you want to update your software – Do. It. Now. Waiting only helps the bad guys.
- Do use security software. If you have a friend who is a security expert, who spends 24/7 keeping up on all the latest malware threats and watches over your shoulder whenever you are on your computer, you’ll be pretty safe on the internet. Otherwise, get good security software to do that. Make sure it is more than Anti-Virus. I recommend Norton Security.
- Do back up. No one ever thinks anything bad will happen to them, until it does. I sure hope you never have ransomware infect your machine. But if it ever does, wouldn’t it be nice to have a copy of all your files somewhere safe? You can tell the bully where to get off. Everyone knows they need to back up their files. Now you have one more very good reason to do it.
These ransomware bullies are preying on us. But just by following a few simple dos and don’ts we can protect ourselves from them. And protect ourselves from all the other malware bullies out there.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.