Unless you’ve been living under a rock for the past couple of weeks, you’ve undoubtedly heard about the ransomware virus, aptly named “WannaCry,” spreading across the globe and wreaking a record amount of havoc in the IT world. Unleashed on a Friday, it initially infected over 50,000 computers. By the following Monday morning, that number had risen to a whopping 200,000. The malware attack has spared no one, infecting systems indiscriminately in dozens of countries and across all types of businesses.
The attack is very straightforward. It masquerades as a legitimate file in an email attachment; once downloaded by a user, it quickly gobbles up every file it can get its sticky little hands on. On a more technical note, what ransomware actually does is it encrypts your files, rendering them completely useless without the correct decryption key. The catch, and the reason this has become such a popular attack, is that you are offered the key to decrypt your files — for a small fee of a few hundred dollars.
The payments are virtually untraceable, and the encrypted files are impossible to decrypt without the key (unless you’re hiding a Chinese supercomputer in your basement). Individuals have made millions of dollars this way, and there doesn’t appear to be any end in sight.
As an IT professional who has seen firsthand the damage these attacks can cause, there really is only one solution — you must back up everything you want to keep safe. By simply backing up your files, you render the ransomware attack virtually useless, as you can restore your files from your backed-up copy. In addition to backing up your files, it is also prudent to download and install security patches as soon as they are released for any operating system and software you use.
Unfortunately, and even more surprisingly, many large organizations don’t protect themselves from this now common form of malware. These are institutions such as hospitals, universities, and even government agencies, that have failed to follow the simple, standard IT protocol of maintaining backups. It is unfathomable to me that such attacks are still so devastating when the known solution is very easy to implement.
Only the start
This has been just the tip of the iceberg, as ransomware and other malware attacks will continue to grow as long as users and organizations fail to protect themselves.
You’ve probably heard it a thousand times, but you should never open a message from an email address you aren’t familiar with. It seems like a pretty easy rule to follow, and it is, but this is by far the easiest way for an intruder to gain access to your system. Checking email has become a daily occurrence for practically everyone that has an email account, and just like other daily activities that develop into a routine, your mind might be elsewhere while your mouse is furiously clicking through all your new messages.
I’ll admit that I’m guilty of this myself — it’s quite easy to carry on a conversation, watch television, eat a meal, or perform any number of tasks while you browse through your new messages. It only takes one wrong click to become infected. You’ll be thankful you’ve backed up your important and sensitive information.
Keep in mind that no one is invulnerable to these attacks. Companies will tout anti-virus software, firewalls, and other methods to help deter and catch malicious attempts, and many of them are extremely beneficial and useful in alerting you to suspicious messages, files, and websites, but there is only one way to be sure that your information is safe. Back up your computer. Go buy an external hard drive, copy all your important files to it, and keep it in a closet in hopes you never have to use it again.
Andrew Davis, an IT administrator, provides on-site tech support and cable and server rack management at Mindgrub Technologies.