Cybercriminals recently crippled more than 200,000 Windows computers in more than 150 countries, including some parts of Australia, and held their owners to ransom.
They did it with a malicious software called ransomware, which in layperson’s terms, is a program that locks up your computer’s data and threatens to destroy it unless you pay up.
The unwitting victim activates the attack by opening emails made to look like something familiar, or urgent, or by clicking on enticing web pop-ups.
Hospitals, schools and blue-chip companies were the hardest hit in the most recent blitz, but experts say everyone is vulnerable and we can expect more of the same in 2017.
So, what can you do to protect yourself, aside from being a lot more vigilant with that click-happy mouse finger?
Here are some tips from security experts to safeguard against ransomware.
1. Don’t ignore updates
The malicious code called WannaCry that crippled thousands in May is believed to have been transmitted by email. But it should have never have been allowed to spread as quickly as it did. Microsoft, which makes Windows, released a patch – computer-speak for a bug fix – that effectively stopped it in its tracks. But because most people don’t stay on top of security updates it quickly took hold. “People kind of got complacent and not vigilant about updating their machines,” says Chris Wysopal, the chief technology officer of Veracode, an application security company. Your computer should automatically tell you it’s updating on shutdown, but check your settings to make sure you haven’t missed any.
2. Install antivirus software
Marty P. Kamden, a marketing executive for the private network service provider NordVPN in the US, says 30 percent of popular antivirus systems were capable of detecting and neutralising the ransomware. But the same principles apply: make sure to keep the antivirus app up-to-date, too, so it blocks the latest emerging attacks. Also, download antivirus apps only from reputable vendors like Kaspersky Lab, Bitdefender or Malwarebytes, advises Marty.
3. Be on guard for anything suspicious
How do you spot a dodgy email? There are always giveaways. Look carefully at the email address of the sender to see if it is coming from a legitimate address. Also, look for obvious typos and grammatical errors in the body. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password.
4. Backup your data
If you do get hacked, this is your way of flicking the proverbial finger at your attacker. You simply rescue yourself with a backup of your data stored somewhere, like on a physical hard drive. That way, if a hacker locked down your computer, you could simply erase all the data from the machine and restore it from the backup. The New York Times says we should be creating a copy of your data in the first place, in case your computer fails or is lost. To be extra safe from hackers, after backing up your data onto an external drive, unplug the drive from the computer and put it away.
5. Help! I’m already infected
The first thing to do is disconnect your computer from the internet so it does not infect other machines. Then report the ransomware crime to law enforcement and seek help from a technology professional who specialises in data recovery to see what your options might be. If there are none, don’t lose hope: There may be new security tools to unlock your files in the future. In extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, says Chris Wysopal. But he adds that with WannaCry, people definitely should not pay the ransom. That’s because the hackers are apparently overloaded with requests from victims asking for their data to be released — and many who have paid are not even hearing back.