Monday/ do not cry (and do not pay)

Man! Very embarrassing to see a public display terminal frozen (looks like it’s for German railway operator Deutsche Bahn), and overlaid with the ransomware lock. Someone in the IT Dept. dropped the ball here. The Windows operating system was evidently not kept up to date and therefore not protected.

Late on Friday, a large number* of ransomware attacks called WannaCry surfaced across the world. This morning, there was a segment on the Today show here in the USA that was unfortunately way too general to be helpful at all. The Finnish IT security company F-Secure provides a nice explanation about the different types of ransomware, and how PCs become infected.

*Relatively large as far as sheer numbers go. Some 200,000 computers are thought to have been affected, but the planet has an estimated 2 billion PCs installed at this point. So that’s 0.01% of all PCs. Of course, if the PC is a server, or is used in mission-critical applications such as running a hospital, an airline or railway operations, it is a very bad situation.

Advice:
1. (As always) Do not click on links or URLs from unknown senders, and be suspicious even if you know the sender! Watch out for dubious, shady websites or pop-ups with buttons.
2. Use anti-virus applications and keep your operating system up to date. If you have Windows, turn on automatic updates!
3. Back up your data and program files to an external drive.
4. If your system does get infected, do not pay the ransom. (I guess in some cases the company or user may not have a choice. But even if there is no backup, the user may be able to get his or her original files back with some technical help.)

(From Finnish IT security company F-Secure’s website.) Criminals, competitors, hacktivists or spies use two methods to plant ransomware on your device: exploit kits on the web and phishing e-mails. The IT administrator or end-user should have multiple layers of security in place: firewalls and antivirus programs on the local server and on the workstation, instructions to the users to be careful, policies that provide for backing up data, and technical support that is on standby 24/7 so that immediate action can be taken as a last resort (disconnect the infected device from the network immediately, and report the event).
