This week’s news headlines are full of warnings about the WannaCry ransomware. This ransomware virus has spread through more than 150 countries and to more than 300,000 people since the end of last week. It has affected everyone from home users to small businesses and large corporations, and even forced hospitals in the UK to turn away patients and reschedule surgeries.
Security experts are working furiously to stop the spread of the virus, track down those responsible and help businesses restore their data. Nobody knows who is behind the attack, but Europol is working on a decryption tool, which would free computer systems from the virus. Many firms hired experts over the weekend to prevent new infections, which seems to have worked in Europe so far.
Ransomware works by locking users out of their computer systems. The WannaCry ransomware works by exploiting a vulnerability in outdated versions of Microsoft Windows. It then demands money from users who want to regain control of their data. The ransomware initially requests around $300 and, if no payment is made, threatens to double the amount after three days and delete files within seven days. Once it infects one computer, it can spread to every computer in that network within seconds. Payment must be made in Bitcoin, a digital currency used because it is so hard to trace. Unfortunately, the only solution is to rebuild your system from backup data.
According to Elliptic, a London startup that helps law enforcement agencies track criminals, around $50,000 worth of Bitcoin payments had been made to the hackers as of Monday morning. Some experts recommend that you not pay the ransom if you’ve been hacked. Even if there is a way to determine if you’ve paid the ransom, there is no guarantee that the hackers will return the files to you unharmed, if they are returned at all.
After the initial discovery of the WannaCry Ransomware, Microsoft issued a warning to the U.S. government concerning its data-storing practices. Microsoft claimed that the tool used in the WannaCry cyber attack was developed by the U.S. National Security Agency and was stolen by hackers. Microsoft released a Windows security update in March to tackle the problem exposed by the latest attack, but many users haven’t run the update yet.
Who Is At Risk?
While the WannaCry ransomware can infect any business, and has infected a range of businesses across all industries, service industries are particularly vulnerable. The graphic below, courtesy of Statista, gives a breakdown of infections over the past 16 months, along with a breakdown of how those computers were infected.
How Can You Protect Your Computers?
Hoping for the best is a poor defense against computer viruses and other problems. There are a number of steps you can take to protect your network from the WannaCry Ransomware, as well as from other computer viruses and hack attempts.
Protect your Computer Network with These Steps
- Update your network if you haven’t yet. Make sure you have kept your system current with the latest patches and updates from Windows. Make sure all computers and devices on your network are also updated. You can check your update status by choosing “Control Panel” from your computer menu and then selecting “Windows Update.”
- Turn on auto-updaters, if available. Microsoft offers the option of auto-updating all essential updates. Enabling this will help ensure your computer system is current.
- Don’t click on links that you don’t recognize. This includes links in emails, even if they come from or appear to come from a known sender.
- Don’t download files from people you don’t know. Be careful where you are downloading apps, files and software updates. Sketchy websites can pose tremendous security risks to your computer.
- Educate your staff. Be sure they understand what they should and should not download to office computers. Set up policies regarding allowing personal devices on your business network. You can learn more about creating “Bring Your Own Device” policies here. Require employees to create secure passwords and emphasize the importance of protecting those passwords. For help in secure password creation, check out this article.
- Back up your documents regularly. You should have at least one data backup that is not a part of your network, whether you are using a cloud-based backup service or manually backing up to external/removable drives or backup systems.
Once you have taken the necessary steps to secure your network, it will be a good time to review your Cyber Liability Insurance policy. For a free review, and to make sure you have the right coverage for your business, email our business insurance experts at [email protected] or give us a call today at 303-721-1145. In the meantime, Roper Insurance will continue to monitor and keep you up-to-date on this and other computer security issues.