by Selena Larson @selenalarsonMay 15, 2017: 9:09 AM ET
Europol: Ransomware preying on 'poor digital
hygene'
One of the biggest-ever ransomware attacks
continues to take computers hostage.
Friday's attack largely hit businesses and large
organizations: U.K. hospitals, a Spanish telecom, FedEx (FDX), the Russian Interior Ministry, and more.
And it's expected to cause more problems on Monday. Researchers recorded
infections in tens of thousands of machines, and Europol estimated Sunday that the attack
had spread to about 150 countries.
Ransomware is a type of malicious
software that takes over a computer and locks the user out, preventing them
from accessing any files until they pay money. This particular program, called
WannaCry, asks for about $300, though the price increases over time.
Experts are advising infected users not to pay the ransom, because it is
unlikely they will get their files back.
Businesses and large organizations are mostly at
risk of this attack because of a flaw in a Windows protocol that many
businesses use to share files.
WannaCry takes advantage of a vulnerability
discovered by the NSA and made public by hackers in
April. Microsoft (MSFT, Tech30) released a patch for the
vulnerability in March. But computers and networks that didn't update their
systems are still at risk.
On Friday, a security researcher inadvertently
created a "kill switch" to help stop the spread of this ransomware.
However, a hacker could rewrite the code to omit the kill switch and start
trying to infect new machines with a new version of it.
Businesses sometimes take longer to install
critical updates and patches, often to avoid impacting any older software they
are running. In a surprise move over the weekend, Microsoft released a patch
for versions of Windows it no longer supports -- because many businesses and
organizations use legacy technology as critical infrastructure.
Matthew Hickey, cofounder of security firm My
Hacker House, created a virtual inoculation for companies to use to prevent
ransomware while they work on patching. The tool is called WCRYSLAP and can be
found here.
"It gives you a little piece of the virus
so that when your machine gets infected, the virus sees you already have an
infection and quits. It stops the damage being caused," Hickey told
CNNTech.
The tool doesn't stop the worm from spreading,
but it prevents files from getting encrypted. Businesses need to patch to be
completely protected, but Hickey's solution works for organizations that might
need more time to upgrade.
Though the worm is primarily affecting business,
individuals with PCs running Windows should still take a few precautions.
First, install any software updates immediately
and make it a regular habit. Turn on auto-updaters where available
(Microsoft offers that option).
Microsoft also recommends running its free anti-virus software for Windows.
If you don't already have a backup routine,
start now: Regularly save copies of all your files. That way, if your machine
gets infected and your photos and documents are encrypted, you don't need to
worry about losing them.
Finally, always stay alert. Don't click on links
that you don't recognize, nor download files from people you don't know
personally.
The cyberattack highlights how critical
infrastructure and major organizations can be harmed by outdated software and
technology. So while your own machine is clean, basic services that impact your
life could still be at risk.
Heather Kelly
contributed reporting.
CNNMoney (New York)First published May 15, 2017: 8:35 AM ET
No comments:
Post a Comment