In the wake of a ransomware attack that has been considered the largest of its kind in recorded history, Better Business Bureau® Serving Central Oklahoma is urging consumers to review their system updates and cyber security measures. Beginning early on the 12th of May, the attack continued spreading into the following week.
“Cyber security is becoming an increasingly important area of focus for both businesses and consumers,” said Kitt Letcher, president and CEO of BBB. “For most people, poor cyber security could have detrimental consequences when it comes to the privacy of their personal and financial information.”
Initial estimates placed the number of impacted devices around 200,000 spanning across 150 countries. The attack damaged a wide array of infrastructure, including: healthcare, transportation, education and core government services in multiple countries within Europe and Asia. Here in the United States, the Department of Homeland Security noted that “the list of victims is very small,” but could continue to grow as the investigation continues.
A typical ransomware attack would enter via a phishing email or online download; it would then spread quickly to other machines on the network by exploiting a vulnerability in outdated software or operating systems. This attack specifically preyed on a vulnerability in the Microsoft Windows operating system. The vulnerability was discovered by Microsoft and a patch to repair the issue was released in March. Nevertheless, many computer users do not regularly update their operating systems, thus missing the critical repair and leaving their devices vulnerable.
Better Business Bureau joins with the National Cyber Security Alliance in suggesting the following cyber hygiene defenses:
- Don’t click on links from unfamiliar sources. Even if you think you know the sender, be cautious about clicking on email links. When in doubt, delete it. Be especially wary of messages requiring you to act quickly, asking for personal information, or threatening you in any way.
- Keep clean machines. Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
- Use strong authentication, requiring more than a username and password to access accounts, especially critical networks, to prevent access through stolen or hacked credentials. Check out Lock down your login or more information.
- Conduct regular backups of systems. Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
- Make better passwords. In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.
If you are affected by the latest ransomware attack, known as WannaCry, or any other type of ransomware, don’t panic. BBB offers the following advice and tips to limit the impact of a ransomware attack:
- Disconnect from network connections. Promptly disconnecting from the Internet is one way to cut the hackers access to your data, it may also stop them from using your system to reach your contacts via email or social media. Also disconnect from any internal network you may be on, as it can spread to multiple computers across the same system.
- Never pay hackers. Paying the ransom doesn't mean you will get your data released. So far, the number of victims who have paid the WannaCry attackers remains relatively small. Remember that if you have recently backed up your system, then hackers will not be able to hold your data hostage in the first place.
- Report Ransomware Attacks. It's important to report cyber-attacks to organizations like the FBI Internet Crime Complaint Center (IC3) and BBB Scam Tracker, even if you paid the ransom or restored your system without loss. By informing IC3 or BBB, you sound the alarm, thereby keeping others from being targeted. Knowing more about ransomware victims and their experiences could contribute to ongoing cases, provide justification for further investigations, and ultimately help law enforcement determine who is behind the attacks.
Businesses need to take special precautions when it comes to protecting their customers’ information. One of the BBB Standards for Trust is:
- Safeguard Privacy: Protect any data collected against mishandling and fraud, collect personal information only as needed, and respect the preferences of consumers regarding the use of their information.
One of the ways businesses can safeguard privacy is by utilizing BBB’s “Five Steps to Better Business Cybersecurity,” found online at bbb.org/cybersecurity.
Consumers can learn more about avoiding scams and fraud at bbb.org/scamtips.