The spread of the WannaCry ransomware attack released around the world in May has been contained by security patch updates, but the fallout is still spreading, experts warn. The NSA-created malware, stolen by the Shadow Brokers hacking group and spread online by Chinese hackers, has reached over 200,000 machines in over 150 countries. The original malware exploited a security flaw in older versions of Windows to hijack users’ machines and demand a ransom. Now the same vulnerability is being used to distribute a Trojan horse called BackDoor.Nitol that opens backdoors on infected machines, along with another Trojan horse called Gh0st RAT that can seize control of a machine and use it to spy or steal data. To avoid becoming a victim of this new wave of attacks and others like it, it’s prudent to take preventive measures based on what we’ve learned from this attack. Here are four vital lessons to take away from May’s worldwide cyberattack.
The WannaCry attack has been selective in its targeting. Smartphones such as the Apple iPhone 7, Samsung Galaxy S8 and LG G6 haven’t been affected. Only computers running Windows have been affected, and it’s only computers running older versions of Windows that are vulnerable. Computers using Windows 10, which runs automatic security updates, aren’t affected at all.
This illustrates that the most important security measure you can take is staying updated on the latest security patches, says Dark Reading contributor Ericka Chickowski. Continuously updating your operating systems, browsers and antivirus software will help protect you against the vast majority of security threats. This step is very easy to automate, while failing to take it leaves you vulnerable.
While WannaCry is able to exploit vulnerabilities in Windows, it also has security vulnerabilities of its own, resulting from the fact that its developers used very sloppy code. Files in your Desktop and Documents folders are most vulnerable to WannaCry, but some files aren’t actually deleted, merely hidden, while other files get moved to a temporary folder. As a result, you may be able to unhide or retrieve many of your files, say Kaspersky Lab experts.
This illustrates that you shouldn’t necessarily despair over ransomware. While it may be tempting to pay the ransom, doing so could make you a target for future attacks, says the FBI. First, see if you can recover the files before considering more drastic measures. If you do decide to pay the ransom, hire a reputable information security firm to manage the transaction for you.
Britain’s Howard County was able to avoid the effects of WannaCry despite infections that hit neighboring countries due to better backup policies. Where other countries typically only had one backup that was vulnerable to encryption by the malware, Howard County follows the best practice of keeping three copies, including a cloud backup, a tape backup, and a disc-to-disc backup. This enables rapid file recovery, making paying a ransom unnecessary.
Backing up your data properly can keep you from being held for ransom. However, bear in mind that ransomware can hit you at any time, including between backups, so make sure you schedule regular automated backups to avoid getting caught off-guard between backup cycles.
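The backup lesson above can be checked mechanically. The following is an added example, not part of the original article: it audits a backup inventory for three intact copies on different media, a bounded gap since the newest copy, and at least one copy the protected machine cannot write to. The `BackupCopy` fields, the 24-hour limit and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class BackupCopy:
    medium: str        # "cloud", "tape", "disk", ...
    taken_at: datetime # when the copy was written
    recorded: str      # digest stored in the backup manifest at write time
    readback: str      # digest computed when the copy was last read back
    online: bool       # True if the protected host can write to this copy

def audit(copies, now, max_age=timedelta(hours=24), min_media=3):
    """Return policy findings; an empty list means the policy is met."""
    findings = []
    # A copy counts only if it still matches its manifest digest; a mismatch
    # means it changed after the backup ran (for example, encrypted in place).
    intact = [c for c in copies if c.readback == c.recorded]
    for c in copies:
        if c.readback != c.recorded:
            findings.append(f"{c.medium}: digest mismatch, copy altered since backup")
    media = {c.medium for c in intact}
    if len(media) < min_media:
        findings.append(f"{len(media)} intact media, policy requires {min_media}")
    if not intact:
        findings.append("no intact copy to restore from")
        return findings
    # Exposure window: anything changed after the newest intact copy is lost.
    gap = now - max(c.taken_at for c in intact)
    if gap > max_age:
        findings.append(f"newest intact copy is {gap} old, limit is {max_age}")
    # Malware on the host can reach every online copy, so require one that is not.
    if all(c.online for c in intact):
        findings.append("every intact copy is writable from the protected host")
    return findings

# Constructed inventory: digests are shortened placeholders, not real hashes.
NOW = datetime(2017, 5, 20, 12, 0, tzinfo=timezone.utc)
THREE_COPIES = [
    BackupCopy("cloud", NOW - timedelta(hours=6), "a1", "a1", True),
    BackupCopy("tape", NOW - timedelta(hours=20), "b2", "b2", False),
    BackupCopy("disk", NOW - timedelta(hours=2), "c3", "c3", True),
]
SINGLE_COPY = [BackupCopy("disk", NOW - timedelta(days=3), "d4", "ff", True)]

if __name__ == "__main__":
    for name, inv in (("three copies", THREE_COPIES), ("single copy", SINGLE_COPY)):
        print(name, "->", audit(inv, NOW) or "policy met")
```

In practice the inventory would be filled from your backup tool's own reports, and the age limit set to how much recent work you can afford to lose.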
The BackDoor.Nitol and Gh0st RAT Trojan horse attacks in the wake of the WannaCry attack illustrate that follow-up attacks can compound the risk presented by an initial wave of attacks. Other follow-up attacks have been reported using different methods. Some hackers use pop-ups that falsely claim you’ve been infected by WannaCry in order to get you to call a fake number for phony assistance, in an attempt to trick you into giving their representative remote control of your computer. Another scam is uploading fake WannaCry protection apps to app sites in order to trick mobile phone users into downloading them.
Stay on guard against these kinds of follow-up attacks. When removing malware from your system, make sure you only download security patches from reliable sources, such as official sites of software and antivirus providers. Follow directions to make sure the malware is thoroughly removed and not still hiding somewhere on your system.