A global cyberattack that hit more than 150 countries is raising questions about what measures individuals and organizations can take to prevent network intrusions, particularly through ransomware.
“Ransomware is a virus that infects your computer,” said Mohamad Ali, CEO of Carbonite, a Boston-based company that offers cloud and hybrid backup and recovery plans. “The difference [from other malware] is that it encrypts everything on your computer, locks it, and then says, ‘Hey, you have to pay me a ransom for me to unlock it, otherwise I'm going to delete all your files.’”
Ali predicts that attacks like the WannaCry virus unleashed on Friday will proliferate.
"I believe there is more to come ... This particular attack had certain vulnerabilities that allowed us to stop it. But those vulnerabilities can be fixed very quickly, and within days or weeks, a new version of this thing could come out that doesn't have what people are calling the 'kill switch.'"
So, what should individuals and companies do to avoid being hit with ransomware? Ali offers some tips:
1. Get the latest Windows or Apple OS updates.
“There are oftentimes security patches. And in this case, there was one.”
2. Back up your data to the cloud.
“I can almost guarantee that you're going to be attacked by something, and a backup is really the only foolproof way to recover. ... You should absolutely back up off-site ... to the cloud. And oftentimes, these cloud services will continuously back up, so, they'll have multiple copies ... whereas, if you're doing that at home ... that device could get infected, as well. So, definitely back up to the cloud.”
3. Update your antivirus software.
Companies, in particular, "should have the best antivirus technologies out there."
4. Practice 'good cyberhygiene.'
“Don't go to websites that you really don't know. If somebody sends you a link to one of these things, don't go to it. Don't download things that you don't recognize. Don't install things from people you don't know. You can have all the security software you want. You can have all the backups you want. But as soon as you click on the wrong thing, you're in trouble.”
And if these measures fail, and you're asked to pay up to get your data back?
5. Don’t pay the ransom.
“We don't recommend that you pay the ransom for all the bad behavior that this creates. If you're not going to back up [your data], you do put yourself at tremendous risk and you may, in fact, have to pay the ransom. But there's no guarantee that you're actually going to get your data back. And so, we’re effectively building an industry that's going to keep coming at us.”