An online extortion attack that authorities say swept 150 countries this weekend is part of a growing problem of "ransomware" scams, in which people are locked out of their files and presented with a demand to pay the hackers to restore their access.
Hackers bait users into clicking on infected e-mail links or opening infected attachments, or take advantage of obsolete and vulnerable systems.
Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations do not install security updates because they are worried about triggering bugs or cannot afford downtime.
Here are five tips to make you a less likely victim:
Make Safe and Secure Backups:
Once your files are encrypted, your options are limited. Recovering from backups is one of them. "Unfortunately, most people do not have them," says Abrams. Backups are often outdated and missing critical information. With this attack, Abrams recommends attempting to recover the "shadow volume" copies that some versions of Windows have.
Some ransomware does sometimes also target backup files, though.
You should make multiple backups, both to cloud services and to physical drives, at regular and frequent intervals. It is a good idea to back up files to a drive that remains completely disconnected from your network.
Update and Patch your Systems:
The latest ransomware was successful because of a confluence of factors. These include a known and highly dangerous security hole in Microsoft Windows, tardy users who did not apply Microsoft's March software patch, and malware designed to spread rapidly once inside university, business and government networks. Updating software will take care of some of that vulnerability.
"Let's hope people are learning how important it is to apply these patches," said Darien Huss, a senior security research engineer for cyber security firm Proofpoint, who helped limit the scope of the weekend's attack. "I hope that if another attack occurs, the damage will be much lower, but there are obviously many, many computers out there and some people still, I think, do not think they need to patch their computer."
Use Antivirus Software:
Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less savvy users with these known viruses, even though malware is constantly changing and antivirus is frequently days behind in detecting it.
Educate Your Workforce:
Basic protocol, such as stressing that workers should not click on dubious links or open suspicious attachments, can save headaches. System administrators should ensure that employees do not have unnecessary access to parts of the network that are not critical to their work. This helps limit the spread of ransomware if hackers get into your system.
If Hit, Don't Wait and See:
Some organizations turn off computers as a precaution. Shutting down a network can prevent continued encryption and the possible loss of more files. Hackers sometimes encourage you to keep your computer on and connected to the network, but do not be fooled.
If you are facing a ransom demand and are locked out of your files, law enforcement and cyber security experts discourage paying the ransom, as it gives hackers an incentive and pays for their future attacks. There is also no guarantee that all files will be restored. Still, many organizations with no up-to-date backups may decide that restoring access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.
"My answer is: never pay the ransom," Abrams said. "But at the same time, I also know that if you are someone who has been affected and you have lost all the pictures of your children or lost all your data or lost your thesis, sometimes $300 is worth it, you know?"