Tech News

Monday, 15 May 2017 | MYT 4:15 PM

Don’t WannaCry? Protect yourself from ransomware (Updated)

A ransomware threat demands payment from a user in exchange for unlocking private data. — dpa

A ransomware threat demands payment from a user in exchange for unlocking private data. — dpa

In light of the ongoing WannaCry ransomware attack that is wreaking havoc on Windows PCs around the world, it’s best to be aware of the best practices and things to avoid. 

Basically ransomware is malware that locks out users from their files and/or data in devices such as PCs unless the user pays a sum demanded by the hackers.

Once hit by ransomware, the user usually has no way to retrieve the locked or encrypted files, in which case some may choose to pay the hackers to get their systems back online – such as hospitals or other organisations with time-sensitive or mission-critical systems – but this is not advised by security experts as there is no guarantee the hackers will unlock the files even after payment is made.

It's not all doom and gloom though – you can minimise the damage to your systems with just a few simple steps.

Do not download or open suspicious files

E-mail is still one of the most popular methods of spreading malware. Often, cyber attackers will send out e-mails that are made to look as if they were sent by someone you might know personally.

Be aware of what you are downloading – make sure the source is legit and trustworthy before downloading anything, especially when handling random e-mail attachments. If there are links in an e-mail, do not click on them.

Hover your mouse cursor over the link to check whether it is suspicious before opening. For instance, if the link purports to be on a Microsoft security advisory but the link that pops up doesn't lead back to Microsoft's official websites but instead to some other dodgy website, you'll know that it's a malicious link.

However, If you inadvertently downloaded one or more suspicious attachments, do not panic. Just don't open the file or execute it.

Use an up-to-date security software to scan the file or even better simply delete it.

Know your file extensions

It pays to know the proper file extensions that are available.

For instance, if you are dealing with work documents, you are most probably working with a Microsoft Word document, an Excel sheet or even a Power Point presentation.

For Word files, the extensions will usually be .doc or .docx while Excel sheets often end with .xls or .xlsx. As for Power Point, the files usually come with .ppt or .pptx extensions.

If you happen to come across files such as worklog.doc.exe, or financial_statement.xls.scr, do not open them as the files are most likely malicious.

Security firm Kaspersky in its advisory said that as Trojans are programs, users should stay away from file extensions like exe, vbs and scr especially when it comes to e-mail attachments.

Users can also check this list on tech site “How to Geek” on the list of potentially dangerous file extensions on Windows.

Keep your devices up to date

If you happen to be using an older version of an operating system, for instance the popular Windows XP, you are most likely at risk due to the unpatched security vulnerabilities and discontinued support from the software maker.

For instance, the popular Windows XP operating system extended support ended in 2014, thus it no longer actively receives security updates and vulnerability patches.

However in light of the seriousness of the WannaCry attack, Microsoft issued a rare security update for all of its legacy platforms – Windows XP, Windows 8 and Windows Server 2003 – including those on custom support only.

Microsoft added that customers who are running supported versions of other operating systems (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March and would therefore be protected against WannaCry.

If you happen to be running older OSes, it’s best to immediately patch your system and then upgrade to Windows 10, the latest version that is supported on a regular basis. By continuing to run non-supported OSes, you risk exposing yourself not only to ransomware attacks but also tons of malware threats.

Also, it’s good to keep your Internet browser such as Google Chrome and Mozilla Firefox, a well as other regularly used software on the PC, constantly up to date.

Make use of antivirus software and decryption tools

An anti-virus software or Internet security suite is always a good preventive measure to prevent cyberattacks.

There are plenty of options that feature extensive security protection features such as Norton Internet Security, Kaspersky Internet Security and Microsoft’s own pre-installed Windows Defender. Such software will act as the first line of defence by blocking auto downloads and actively scan for suspected threats on the PC.

While there are still no decryption tools available for the current WannaCry ransomware, there are a number of online sites that offer such tools for previously known ransomware strains.

For instance, No More Ransom is backed by Europol (European Cybercrime Centre) with the support of Kaspersky and Intel Security.

There is also Kaspersky’s own decryption tools available on its website.

Always keep a back up copy

The main threat of ransomware is the ability to lock out users from PCs or storage devices.

To avoid being held ransom, always backup your device and keep an up to date copy of your data.

Keep at least two types of backups – on the cloud and offline.

Cloud storage services such as Google Drive, Microsoft OneDrive, Dropbox and Box offer large amount of storage space for a monthly or yearly subscription fee.

As the data is stored on remote virtual servers located around the world, the data is often protected by these cloud service providers. More often than not, this is much safer than storing on personal servers.

However, do keep in mind that nothing connected to the Internet is 100% safe. It’s important to have a backup copy, or the backup storage device, disconnected from the Internet and thus out of reach of cyber attackers.

An up to date backup copy that is not connected will allow users to restore the PC back to the previous unaffected state, thus requiring no ransom to be paid.

advertisement

Powered by

advertisement

advertisement