Once again, computers around the world have been compromised by a malware threat that blocks access to data with the promise of resolution if you pay a ransom via an untraceable financial transaction using the Bitcoin cryptocurrency.
This attack is unique in many ways including the fact that the underlying code was allegedly developed by and stolen from the National Security Agency (NSA), as was publicly reported earlier this year. This latest cyberattack is being delivered via malicious software known as “WannaCrypt”, and is a type of attack referred to as ransomware.
The software is designed to attack Microsoft’s Windows operating system and exploit a vulnerability in the software. This vulnerability was patched by Microsoft back in March, and for users that are running the latest versions of Windows software, and have automatic updates enabled, those systems are protected from this attack.
If your data has been compromised and held for ransom the best approach to recovery is to completely reinstall your operating system and applications and restore your data from backup. If you don’t have a backup of your data then you may be out of luck, most professionals would not recommend paying the ransom for technical and ethical reasons. For example, there is no guarantee that your files will be decrypted and there is a chance that the virus will remain on your system only to reinfect it at a later date.
Ransomware is only one type of threat that is circulating over email, malicious websites and via shared files. Windows based computers are not the only systems that are vulnerable to these threats and antivirus software is not the ultimate solution to protecting your system. Users must be cognizant of the threats, the types of communications that deliver the threats and the best practices for patching, protecting and using personal computers and business networks.
Regular backups of important data are the only way to protect systems from viruses and system failures. We all know this but how many of us are performing daily or weekly backups? The latest backup and cloud storage solutions on the market make it easy to automate these functions and they are simple to setup, monitor and manage.
While it is impossible to completely protect your systems from these threats the few things that you should be doing will provide you with the best chance of avoiding critical data loss, theft of personal and private data or compromised access to passwords and financial systems.
In short, backup, run the latest systems and software, train users and deploy multiple layers of security. If your systems or data are highly sensitive or fall under compliance requirements then you should look at professional solutions to monitor, manage and maintain your system and security services.