Last week, hackers launched a SamSam ransomware attack against the city of Atlanta, disabling a number of city services. To regain access, hackers demanded six bitcoins in payment (about $51,000). And Atlanta isn't alone in facing these threats. At the same time, Baltimore experienced an attack on its 911 system and the Colorado Department of Transportation was hit last month.
Ransomware encrypts files on the infected computers, making these files inaccessible, and only releases the code to unencrypt the files when the user pays a bitcoin ransom. It’s unknown how many companies have paid or plan to pay the ransom, but with critical data like patient records on the line and production lines shut down, companies have often chosen to pay up rather than lose those records forever.
What is, perhaps, most disappointing about these recent attacks is that they are 100% preventable. The SamSam ransomware took advantage of software that hadn't been updated. The risks of continuing to use outdated software are well known, yet organizations failed to take prudent measures to keep their systems up to date. Now they, and in many cases “we”, as customers and citizens, are paying the price.
The good news here, to the extent there is good news, is that protecting ourselves against ransomware is not difficult. If you follow these simple steps, you should be safe from ransomware and most other cyber threats likely to come your way.
1. Keep your system up to date
If you are running Windows XP or Vista, you should immediately update your system to Windows 10 or buy a new computer. As we warned back in 2014, Microsoft is no longer supporting these ancient versions of Windows and continuing to use them makes you a prime target for cyber-attacks. And even an entry model $500 computer that will be far more powerful than your current XP one.
For those using Windows 7 and newer, make sure that you have Automatic Updates enabled so new security patches are installed as soon as they are available. These versions of Windows had already been patched by Microsoft to specifically prevent these types of ransomware attacks.
2. Use a reliable antimalware program
While antimalware programs can’t defend against every attack, they can prevent the vast majority of commonly-found malware from infecting your computer. And when new malware is discovered, antimalware providers quickly distribute updates to block it. We recommended Kaspersky Internet Security, Bitdefender Total Security and Symantec Norton Security Premium. And antimalware isn’t just for Windows users. Ransomware has been discovered for Macs, too.
3. Back up your data – no, really back up your data
It’s important to back up your data for a number of reasons; and the threat of ransomware is definitely one of them. But it’s not enough just to back up to an external hard drive, or even to the cloud. Many ransomware programs are specifically designed to search out backup devices, even across your network and cloud storage, encrypting everything in its path. To protect yourself, you either have to make regular backups to an external hard drive, which you then detach from your system after the backup (a pain to manage), or use a cloud service that provides automatic versioning so that if the most recent versions are encrypted, you can still recover from earlier versions. We’ve always been fans of Dropbox, which offers a 1TB storage plan for around $100 per year.
4. Keep your browser and plug-ins up to date
Some malware, including ransomware, can be delivered via “drive-by” infections. Taking advantage of vulnerabilities in common browser plugins, like Flash or Java, simply visiting a compromised site, or even viewing a malicious ad on an otherwise safe site, is all it takes for the malware to take hold. So in addition to keeping your operating system up to date, it’s just as important to keep your browser and its associated plug-ins up to date.
5. Avoid ransomware in the first place
Some ransomware, like WannaCry ransomware that just hit Boeing, is spread by email through an encrypted zip file attachment. You click on the attachment and unzip the file and all your precious files are now toast. This common social engineering trick has been around for years and, despite repeated warnings not to click on unknown email attachments, it’s still as effective as ever, as evidenced by the immense global success of WannaCry back in 2017.
DON’T BE THAT PERSON. Don’t click on or open files in email unless you know exactly what they are. Since sender names can be spoofed, simply seeing that the sender is a friend, relative or colleague is not enough. If in doubt, contact them directly to confirm that they sent you the file before you start clicking. And that goes for links, too, that may send you to infected websites (see #4 above).
Updated on 3/29/2018 with SamSam ransomware outbreak information.
[Image credit: ransomware concept via BigStockPhoto]
From Buster Chappell on March 29, 2018 :: 10:53 am
“What is, perhaps, most disappointing about these recent attacks is that they are 100% preventable. The SamSam ransomware took advantage of software that hadn’t been updated.”
Unfortunately the inmates have been in charge of the asylum there for many decades now! Incompetence hasn’t been missing in the ATL!
Reply