On May 12, hundreds of thousands of computer owners at home and at work – across 150 countries – woke to the unpleasant reality that their data was being held for ransom. Yikes.
Microsoft had released a patch for the appropriately named cryptoworm – WannaCry – but many didn’t install it. And those who were understandably still attached to the oldie-but-goodie Windows XP didn’t stand a chance, as Microsoft stopped releasing patches for it in 2014.
Few were surprised that the attack targeted Windows, since that ubiquitous OS is the favorite of most attackers. Windows dominates the market, so the more victims the merrier for the attack community. “Only Windows computers were affected by this attack,” Ruby Gonzalez, head of communications at NordVPN, told Design News . “Historically, Windows has been more prone to attack. Apples and Linux as not attacked as often.”
Getting Your Patch Updates Automatically
Most Windows users receive their patches through the IT department at work, or they subscribe to receiving the patches automatically from Microsoft. Restart the computer every few days, and most of us watch the newest patches load. But not everyone, apparently. “The main reason people are vulnerable to ransomware is they don’t update their patches,” said Gonzalez. “If the users – companies or individuals – updated back when the patch came out, this attack probably wouldn’t have happened.”
You may not remember it, but you were asked if you wanted to receive automatic updates from Windows when you opened your new computer. If you took on a used computer, you might have missed this step. “What most security experts recommend is setting up automatic updates, which install as soon as they’re available,” said Gonzalez.
Protecting the Corporate Network
With WannaCry, one bad apple was able to spoil the network. “Research shows that human factors affect malware,” said Gonzalez. “In this case, it was enough for one person on the network to open an email that was infected. Training employees is very important.”
One of the thorny issues for manufacturing and process plants is dealing with production facilities that run three shifts. If you’re operating 24/7, when are you going to restart so the patches take affect? “Most of the updates require restarting. That’s an issue for production facilities and large companies that need to run 24/7,” said Gonzalez. “For them, we recommend they work with a company or hire an expert who can schedule updates that don’t affect operations.”
NordVPN offers seven simple ways to protect yourself against ramsomware:
1. Don’t forget to install latest security updates. Security updates often contain patches for latest vulnerabilities, which hackers are looking to exploit.
2. Don’t open anything suspicious you receive through email. Delete dubious emails from your bank, ISP, or credit card company. Never click on any links or attachments in emails you’re not expecting. Never give your personal details if asked via email.
3. Back up all data. Back up your data in an alternate device and keep it unplugged and stored away. Backing up data regularly is the best way to protect yourself