A devastating ransomware attack is racing around the globe, locking down data and infecting systems at hospitals, businesses and residences in more than 150 countries in the last 72 hours.
The WannaCry ransomware virus first made headlines on Friday when it began disrupting operations at hospitals throughout Great Britain. By Monday morning, the ransomware had spread to more than 200,000 computer systems worldwide.
A young security researcher is being credited for temporarily slowing down the spread of the virus by registering a domain name of a URL he spotted in the code. However, experts warn that new variants of the virus are already being discovered.
Protect yourself from WannaCry
WannaCry's creators are using a massive email phishing campaign to snare victims. The emails contain malicious links and attachments that, when clicked, download the ransomware onto the victim's computer. At one point, the creators of WannaCry were sending five million phishing emails per hour, according to Forcepoint Security Labs.
Victims who regularly back up their files can recover from a ransomware attack relatively quickly—without giving into the demands of cybercriminals. Here's a step-by-step guide on what to do if you're attacked:
- Remove the computer from the network it’s running on so the infection doesn’t spread to other computers. If the computer isn’t running on a network, skip this step.
- Shut down the computer by holding down on the power button.
- Turn the computer back on and select Safe Mode with Networking.
- Reconnect to the internet then download and run a malware detection and removal tool such as Malwarebytes.
- Once the virus is removed, delete all encrypted files and restore clean versions from the Carbonite backup service.
If your computer is backed up with Carbonite, do not pay the ransom. Carbonite can help you restore clean versions of your files after they’ve been infected with ransomware. Our ransomware recovery team is available from 8:30am to 7pm EST Monday through Saturday.
WannaCry demands $300 in bitcoins
Experts say anyone running Windows 7 or above should run Windows Update. Users running older or unsupported versions of Microsoft Windows—including Windows XP and Windows 2003—can download the patch from Microsoft's website.
Ransomware is designed to encrypt victims' computer files, essentially holding data hostage until a ransom is paid. WannaCry victims receive a ransom note demanding $300 in bitcoins, a cyber-currency that's notoriously difficult to trace. If the fee is not paid within three days, the ransom is doubled. If the ransom is not paid within one week, victims' files are permanently deleted.
WannaCry is designed to exploit a Windows operating system flaw first discovered by the U.S. National Security Agency. Microsoft issued a patch for the vulnerabilities prior to Friday's attack, but unpatched systems are still vulnerable. On Friday, Microsoft also took the highly unusual step of issuing a fix for some "retired" versions of Windows that are still in use.
The best way to avoid a ransomware infection is by educating yourself and your employees. You also need to keep firewall and antivirus software up-to-date. But most importantly, be sure to take the initiative and protect your home and business computers with a backup service like Carbonite. Thanks to Carbonite, more than 10,000 ransomware victims have restored their files without paying the ransom.
Additional resources
Want to learn more? Here are some additional resources that will help keep your home and business protected against WannaCry and other forms of ransomware:
- Five ways to detect a malicious 'phishing' email
- How does Carbonite protect my files from ransomware?
- Protect your company from ransomware: Six best practices for IT pros
- Fight back against a ransomware attack in four easy steps
- White hat hacker shares ransomware protection tips for small businesses
Ready to start protecting your files from WannaCry? Learn more about Carbonite data protection solutions and start your free trial today.