The Better Business Bureau® Serving Eastern Oklahoma urges consumers to review their cyber security measures in the wake of a ransomware attack that is considered the biggest online extortion attack ever recorded. The cyber attack began early Friday, but it continues to spread in the initial days of this work week. Estimates suggest 200,000 computers have been affected in 150 countries, including the systems running Britain's hospital network, Germany's national railway, universities in China and multiple government systems. The Department of Homeland Security notes that “the list of victims is very small” in the U.S. but could continue to grow.
How it works:
This ransomware attack, known as WannaCry, locked the files of impacted systems and demanded a bitcoin payment ranging from $300 to $600 to release the data. Those who do not pay are threatened with the destruction of their data. The hack gained access by taking advantage of a weakness in Windows computer systems. So far, the attackers have collected about $60,000 worth of bitcoins from fewer than 200 victims. (NPR, BBC, AP)
While security experts continue to investigate who is behind this cyber attack, BBB® has advice on how to keep your system safe.
- Keep your system updated: The weakness used to gain access to the affected computer systems was addressed by a security patch or system update released by Microsoft in March. Had those computers been updated, the attack would not have been able to lock down their systems. Microsoft also released another patch on Friday for users of older or unsupported operating systems.
- Have a backup: Conducting regular backups allows you to restore your system in the case of ransomware. You may lose an hour's or a day's worth of data depending on when the last backup was, but that is better than losing all of your data.
- Strengthen your login: Make sure that your passwords are robust. Review BBB Tips on Password Safety. For key accounts like email, banking, and social media, consider using two-factor authentication, which may include biometrics, security keys or a unique one-time code provided by an app on your cell phone. Visit Stay Safe Online for more information on fortifying your online accounts.
- Install antivirus software: If you don’t already have antivirus software installed on your computer, now is the time to do it. Do your research before choosing and downloading any software by reviewing the business's profile on bbb.org/tulsa. If you already have antivirus software installed, make sure it includes a ransomware removal tool.
- Be wary of email attachments: It is still unknown how the malicious software gained access to the affected computers, but previous attacks show they could have entered the systems via email attachments, spam links, fake pop-up ads, etc. Emails from unknown senders should be sent straight to your spam or trash folder. However, malicious software can be sent to you via a recognized contact whose system has been compromised. Always be alert and question any emails asking you to download anything or follow a link.
- Review File Extensions: Enabling your system to show file extensions makes it easier to spot potentially malicious files. Look for file extensions “.exe,” “.vbs,” and “.scr.”
If you are affected by WannaCry or any other type of ransomware, don’t panic. Here are some tips for what to do following a ransomware attack:
- Disconnect from network connections: Promptly disconnecting from the Internet is one way to cut the hackers' access to your data. It may also stop them from using your system to reach your contacts via email or social media. Also disconnect from any internal network you may be on, as the ransomware can spread to multiple computers across the same system.
- Never pay hackers: Paying the ransom doesn't mean you will get your data released. So far, the number of victims who have paid the WannaCry attackers remains relatively small. Again, having a recent system backup prevents hackers from being able to hold your data hostage in the first place.
- Report Ransomware Attacks: It's important to report cyber attacks to organizations like the FBI Internet Crime Complaint Center (IC3) and BBB Scam Tracker, even if you paid the ransom or restored your system without loss. By informing IC3 or BBB, you sound the alarm and keep others from being targeted. Knowing more about ransomware victims and their experiences may contribute information to ongoing cases, provide justification for further investigations, and ultimately help law enforcement determine who is behind the attacks.
For more information on protecting your private information, review BBB’s “Five Steps to Better Business Cybersecurity” (bbb.org/cybersecurity).
Learn how to identify and avoid scams and fraud at bbb.org/scamtips.