This weekend’s global online extortion attack reinforces the need for businesses and other large organizations to update their computer operating systems and security software, cybersecurity experts said.
The attack largely infected networks that used out-of-date software, such as Windows XP, which Microsoft no longer offers technical support for.
“There’s some truth to the idea that people are always going to hack themselves,” said Dan Wire, a spokesman for security firm FireEye. “You’ve got to keep your systems updated.”
The attack that authorities say swept 150 countries this weekend is part of a growing problem of “ransomware” scams, in which people find themselves locked out of their files and presented with a demand to pay hackers to restore their access.
Hackers bait users to click on infected email links, open infected attachments or take advantage of outdated and vulnerable systems. This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment.
Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime.
Here are five tips to make yourself a less-likely victim:
Make safe and secure backup
Once your files are encrypted, your options are limited. Recovery from backups is one of them. “Unfortunately, most people don’t have them,” Abrams says. Backups often are also out of date and missing critical information. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have.
Some ransomware does also sometimes targets backup files, though. You should make multiple backups – to cloud services and using physical disk drives, at regular and frequent intervals. It’s a good idea to back up files to a drive that remains entirely disconnected from your network.
Update and patch your systems
The latest ransomware was successful because of a confluence of factors. Those include a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of some vulnerability.
“Hopefully people are learning how important it is to apply these patches,” said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. “I hope that if another attack occurs, the damage will be a lot less.”
The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak.
“There’s a lot of older Windows products out there that are ‘end of life’ and nobody’s bothered to take them out of service,” said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.
Use antivirus software
Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less-savvy users with such known viruses, even though malware is constantly changing and antivirus is frequently days behind detecting it.
Educate your workforce
Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
If hit, don’t wait and see
Some organizations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption – and possible loss – of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled.
If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.
Ryan O’Leary, vice president of WhiteHat Security’s threat research center, points out that this weekend’s hackers weren’t asking for much, usually about $300. “If there is a silver lining to it, you’re not out a million dollars,” he said.
Still, “My answer is, never pay the ransom,” Abrams said. “But at the same time, I also know that if you’re someone who’s been affected and you’ve lost all your children’s photographs or you’ve lost all your data or you lost your thesis, sometimes $300 is worth it, you know?”