How to protect your Microsoft Windows computer from ransomware attacks
WHAT HAPPENED: On May 12, a new type of ransomware known as WannaCry began to impact many areas of the world. Ransomware is a form of malicious software that encrypts important files and demands payment to get them back. This cyber attack has impacted many businesses globally including hospitals, airlines and FedEx. The ransomware malware can be sent via email in a malicious attachment or through a recently identified Microsoft vulnerability.
As we learned Friday, the initial attack vector was through spam email, often under the guise of invoices, job offers and other lures sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the WannaCry infection. Microsoft released a patch for this particular vulnerability in March and we recommend that everyone install this patch immediately.
Petronella Technology Group, Inc. believes that further attacks are likely.
WHAT CAN YOU DO: Although the below tips are focused on Windows, there concepts apply to any of your devices, such as phones and smart TVs. It is important to understand that legacy anti-virus software does NOT keep you safe from these types of attacks. Petronella recommends taking a few simple steps to protect your Windows computers and consider adding multiple, patented security layers to protect your business. Follow some simple best practices:
- Keep your system up-to-date: If you are using supported, but older versions of Windows operating systems, keep your system up to date, or simply upgrade your system to Windows 10.
- Apply the emergency patch: If you are using Windows XP, Vista, Server 2003 or 2008 or other unsupported versions of Windows, apply the emergency patch released by Microsoft.
- Keep your antivirus software up-to-date: Virus definitions have already been updated to protect against this latest threat.
- Back up regularly: Keep a good backup routine for important files and documents that stores copies to an external storage device that is not always connected to your PC.
- Beware of phishing: Always be suspicious of uninvited documents sent via email and never click on links inside those documents unless you can verify the source. Educate and protect all of your staff with ongoing Security Awareness Training.
We encourage you to take these steps at your earliest convenience. Review this article for a more technical listing of corrective actions.
WE ARE HERE TO HELP: If you have any questions or concerns related to this alert, please contact us at firstname.lastname@example.org. Thank you for your help to keep your business and personal information secure.