Are you protected from ransomware?
In light of the WannaCry and Petya Cyber-attacks that have rocked the internet, CERTASSURE has offered further insight on the matter and provided tips on how to avoid losing precious data from your business or home server.
The Petya ransomware outbreak occurred on Tuesday, 27 June and has affected over 200 000 people in 150 countries. In South Africa, the Department of Basic Education’s website was hacked late on Wednesday night, although not a Petya attack, it was a vicious act of public defacement to a government website.
The worming ransomware is the largest ransomware infection in history. A computer worm has the ability to spread by itself.
What is ransomware?
Ransomware is a type of cyber-attack that locks all digital files and demands payment in order for them to be returned.
If your computer is compromised, it will look like this:
If your computer is infected with a ransomware virus it will become unusable and will remain on the above image until the ransom is paid. This malicious software can lock any device such as a computer, tablet or smartphone.
Where does ransomware originate from?
The software originates within an attachment in an email and disguises itself as something harmless.
Once it is opened the ransomware encrypts the hard drive and makes it impossible to access or retrieve anything that is stored, i.e. photographs, documents, music or other files.
The first documented case of ransomware occurred in 2005 in the United States and quickly spread to the rest of the world.
Paul Edon, the International Services Director of Tripwire said in an interview for BrightTalk with Josh Dowas that the lesson that can be learnt is, “still a case of back to basics”. He explained the importance of foundational controls such as offsite back-ups.
The cyber-attacks have targeted numerous establishments like hospitals, government offices and major multinationals. Edon says this is due to the fact that most of the software, especially in hospitals run 24 hours a day and are perhaps not as updated as they should be.
CERTASSURE’s tips to avoid cyber-hacking
- Always use complex passwords and a password vault.
- Back-up all your documents and back up offsite for all business related documents.
- Never click links in emails or text messages that seem to come from your bank, SARS, or any other company. If you think the message might be valid, log into your account directly, without using the supplied link.
- Keep all your applications and devices up to date with the latest patches* and try and use less targeted browsers such as FireFox and Chrome.
- Mobile devices are of particular concern as many simply download and install without any thought about why the app may be requesting permission to things it shouldn’t. For example, a weather app requesting access to your files or photos doesn’t make sense.
- Be careful what you download online. Preferably download software only from reputable companies or software that has been digitally signed with a Code Signing Certificate.
- Use Two-factor authentication where possible.
- Always think twice before clicking a link in an email or opening a file, especially from an unknown sender.
- Always use an Antivirus program, even a free version is better than having nothing.
- Above all else, always consider yourself a target for hackers when using your computer or smart devices. Even smart TV’s can be vulnerable to ransomware attacks so it’s important to always remain vigilant and use your common sense when surfing the web or receiving possible phishing emails.
*A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes improving the performance and fixing security vulnerabilities and other bugs with such patches called bug fixes.