In light of this attack, it is a good time for all users of the Internet to stop and consider what steps they should take to protect themselves and their organizations against the wide range of malware and ransomware exploits that are being propagated by cyberhackers.
As many of the victims of the WanaCryptor Ransomware have discovered, this exploit infects your computer when you click on an email with an attachment.
Based on initial reports, PCs become infected with WanaCryptor via crafted phishing emails, and the infection propagates using a vulnerability in the Microsoft Windows SMB server. Every infected user is required to pay a ransom of between $300 and $600 per device or more to regain access to their encrypted files. While Microsoft has issued patches for this vulnerability, this particular attack has affected tens of thousands of Windows computers.
Here are some actions you and those in your organization can take to protect yourself:
- Do not open unexpected attachments, and always confirm an attachment’s validity without clicking on or opening it. Some OSs and browsers may allow you to examine a link via a QuickLook that does not open the link.
- Send a text message or IM to the originator of the email to ask if it was intended for you.
- Email sent by hackers may be very sophisticated or may look official, but on closer examination may contain subtle errors.
- A phishing attempt may often come from an email that appears to be from a friend or company that you recognize. The email may come from an account using Gmail, Hotmail, Yahoo Mail, or another common email service.
- Make it your mission to ensure that co-workers, family and friends with less technical skill and awareness understand the risks and concerns around cyberattacks and help train them to be careful in opening or clicking on links in suspicious email.
- Show them how to spot a suspicious email and how to keep critical software such as anti-virus, the PC operating system, and associated firewall software updated.
While the Internet has been an indispensable tool for education, research, communications and just plain R&R, it has also become a vector for nasty exploits and malware. So, be careful out there and help others to understand how to keep themselves safe.
As always, drop us a note or comment if you have any questions!