What you need to know to protect yourself when you don’t know much about computers.
You really don’t want this to be you — the guy or gal who just paid $597.08 to the cyber gang holding computers ransom across the globe with the WannaCry ransomware.
A new Twitter account is sending out a tweet every time someone pays the bad guys.
No names, just the fact that somebody paid in a desperate attempt to get all the files from their computer back.
The @actual_ransom Twitter account tweets when someone makes a payment to the WannaCry bitcoin wallets.
Archer News will help you — or someone you know — stay off that list!
At last check, the WannaCry ransomware has squeezed about $60,000 from people as it threw hospitals in England into chaos, as well as computer systems in China, Russia, Germany, the U.S. and more.
Anyone hit by ransomware knows it can be difficult to recover.
“This happened to me in February and I didn’t know what it was or what had happened,” wrote a commenter on the Federal Trade Commission website. “All I knew was I lost a lot of super valuable things, pics and files, months of work, our identities and our parents’ identities.”
The @actual_ransom Twitter account is monitoring the totals in the bitcoin accounts associated with WannaCry ransomware.
See also, “What is ransomware?” from Archer News.
Patch
First, you’re hearing everyone telling you to patch or update your operating system.
“For god sake: Apply Patches,” implored Swati Khandelwal in The Hacker News.
What if you don’t know what kind of operating system you have on your computer?
“When you turn your computer on, it usually comes up telling you what you’re running,” said Michael Kaiser, executive director of the National Cyber Security Alliance.
Ticking clock that accompanies the WannaCry ransom demand. Image: Avast
If you have Windows, you can follow these instructions:
“In Windows, you click the ‘start’ button and then enter ‘computer’ in the search box,” Kaiser explained.
“Right click ‘computer’ and then click ‘properties,’” he continued. “And it will tell you the version.”
If you have Windows 10, make sure you have installed the latest updates.
Microsoft released an update for Windows 10 and other versions in March.
“People who are using Windows 10, if they kept it up-to-date, they’re very well protected,” Kaiser said.
A Windows 10 start screen. Photo credit: download.net.pl via Foter.com / CC BY-ND
Older stuff
What if you have an older version, like Windows 8, or even older — like Windows XP?
“If they’re using earlier versions of Windows, new patches have been made available,” he told Archer News. “I would suggest that they use their favorite search engine and see if a patch for their version of Windows has been made available due to the WannaCry ransomware.”
The old Windows XP screen on a monitor. Photo credit: Eurritimia via Foter.com / CC BY
Microsoft provided these links for you to update your system if it is older than Windows 10.
Instructions for each will tell you how to download the update.
Windows XP on a laptop in 2008. Photo credit: rwcitek via Foter.com / CC BY-SA
When should you do it?
The short answer — you need to patch right now.
“Ideally, you would patch as soon as the software update became available,” Kaiser said. “If that’s not possible, you should do it at the next free moment that you can. It’s really important. I can’t overemphasize this.”
That doesn’t mean after work, nor at lunch time. That means now — especially now that you have help on how to do it.
“Any time you wait, it creates a risk,” he added.
For the future, patch as soon as the update comes in.
“If you use old software that doesn’t update automatically, set up a regular schedule to go to the company’s website and download and install updates yourself,” the FTC recommended in a post. “It’s wise to check at least weekly.”
WannaCry ransomware demand & instructions for payment. Image credit: Avast
Downtime
Some people grouse that updating their computers can cause downtime while their device is restarting.
Kaiser suggests you find a quick chore to do in the meantime, like clean your desk, get a cup of coffee or talk to a fellow employee down the hall.
“There’s a lot of things you can do to fill up that time,” he said. “You have to understand that your security is important.”
And your security affects other people at your company, at your house, at the coffee shop where you’re using public Wi-Fi.
“If you get infected, it’s likely that your computer is helping to propagate that infection,” Kaiser said. “So, you really want to take responsibility for not only yourself, but protecting others.”
WannaCry ransomware message you could receive if your computer is infected. Image credit: Avast
Apple
If you use Apple products, like a Mac or an iPhone, you will want to patch, too, even though the WannaCry ransomware attacks Windows systems.
Historically, malicious hackers have gone after Windows and Android systems more than Apple systems.
“But less attacks is not the same as zero attacks,” wrote Graham Cluley in a post on WeLiveSecurity. “And fans of Apple hardware would be taking a big risk if they don’t think it’s just as important to keep their operating systems, apps and programs patched to protect against the most recently discovered vulnerabilities.”
Apple provided updates today for the iPhone, the iPad, MacOS, OS X, watchOS 3.2.2, iTunes, Safari, tvOS and iCloud for Windows 6.2.1, Cluley pointed out.
“Update your Apple devices now, and don’t tempt fate,” he said.
Experts recommend you update your Apple products as well, even though the WannaCry ransomware currently affects Windows systems. Photo credit: Foter.com
Not done yet
You should also back up your files regularly, in case of a ransomware attack or other disaster.
“From tax forms to family photos, make it part of your routine to back up files often on your computers and mobile devices,” the FTC urged. “When you’re done, log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.”
Make sure your password is long and strong.
Many people are still using “12345678” and “password,” Kaiser said.
Some of the most popular passwords of 2016, according to The Telegraph.
“They need to move on from short passwords or one-word passwords or passwords that can be guessed because ‘I’m just going to guess where you went to high school because I see that from your Facebook account,’” he explained.
Use authentication tools, like the Google system that sends a code to your phone when someone tries to log in to your account.
“That makes it much more difficult for cybercriminals to access your accounts,” Kaiser said.
And be careful out there.
See also “Finding your perfect password” from Archer News.
Coming soon?
WannaCry did not appear to hit the U.S. as hard as other countries.
But cyber crooks will modify and adapt the ransomware until it gets as many victims as possible.
“Currently there are 5 different WannaCry knockoffs in various forms of development,” wrote Lawrence Abrams in a post on BleepingComputer.
“It’s kind of in the wild and it’s moving around,” said Kaiser. “And it’s looking for systems that have that vulnerability unpatched to connect to. So, the longer you’re out there on the internet with that unpatched vulnerability, the longer you’re at risk.”
Main image: WannaCry ransomware demand with modifications. Image credit: Avast