Late last week, there was a huge ransomware attack called WannaCry that affected over 200,000 Windows PCs in 150 countries and is still going. The attack has hit businesses, universities, and hospitals so far. Nonprofit, church, library, and foundation offices are vulnerable to this malware, which can lock up your IT system until a ransom is paid. We thought we'd explain a bit how you can protect your office.
Ransomware is malware that comes into an IT network mainly when computer users open an unknown email attachment or click on a web link. The malware then locks up and encrypts the files in the IT system and holds them for ransom until a payment is made, usually demanded in Bitcoin. Ransomware became famous as a tool of cybercrime in 2013 with the infamous Cryptolocker attacks. The malware technique has actually been around since 1989, however.
The WannaCry malware is the latest ransomware attack in a succession of them. This virus is also known as WannaCrypt, Wana Decryptor, or WCry. This particular type of ransomware exploits a vulnerability in the Microsoft Server file system. Apple products and systems based on the Linux/Unix operating systems are not at risk, unless running Windows System Emulator. Infected users are presented with a screen demanding a $300 to $600 payment to restore their files.
While the attack has hit more than 200,000 computers, only around 200 people are estimated to have paid the $300 ransom. In the U.S., Homeland Security says that the list of victims is very small. It is still relatively early in the WannaCry attack, however. The victims range widely, from small companies and organizations to large IT networks like the automaker Renault in Europe. Small offices, like those in nonprofits, are at risk in this cyberattack.
Taking these steps will help keep you safe from ransomware attacks.
If and when your organization is hit with a cyberattack, it is essential to have your mission-critical data and documents stored in the cloud or on a hard drive that is not connected to your IT system. After an attack, your computers or servers may require reimaging.
TechSoup offers cloud storage services like the Box donation program. Also, the Veritas donation program at TechSoup provides backup and restore software to eligible nonprofit organizations and public libraries.
Since WannaCry malware attacks Windows operating systems, a critically important thing to do is to run Windows Update on all Windows devices and also Windows Server software and enable automatic updates on all Windows devices. Microsoft's Security Bulletin MS17-010 from March of this year provides details on all the Windows software versions that can be patched by running Windows Update. Since the attack, Microsoft has issued patches for previously unsupported versions including Windows XP, Windows 8, and Windows Server 2003. You can download these security patches manually from Microsoft's Update Catalog. (Link might not work in all browsers.)
If your organization is running old versions of Windows like XP or Server 2003, or if you’re running nonlegal (pirated) versions of Microsoft Windows or Windows Server, you may well have trouble running Windows Update. Check your TechSoup eligibility to see if your organization qualifies for Microsoft software donations.
Antivirus and malware protection software has become TechSoup's most requested type of product donation over the last couple of years. This type of protection is designed to catch cyberattacks before they infect your IT system.
Popular product donations include
Find all of TechSoup's security product donations here.
Email is one of the main infection methods of all malware and specifically of WannaCry ransomware. Be wary of unexpected emails especially if they contain links or attachments. If you find a suspicious link, before you click on it, you can go to the free virustotal.com service. It will tell you whether or not it has been reported as a dangerous link.
Also, be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
There are particular file types that pose the greatest security risk to all users. It is helpful to see what kinds of files you're trying to open. File extensions like .exe, .vbs, and .scr are the dangerous ones. To be able to see file extensions, enable them in Windows Settings. I like the Laptop.com directions on how to do this in Windows 10.
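Why visible extensions matter, shown as an added example that is not part of the original article: with extensions hidden, a file named invoice.pdf.exe is displayed as invoice.pdf. The sketch below checks attachment names against the three extensions named above; the function names, the decoy list and the sample filenames are constructed for illustration, and the display rule is simplified to "the last extension is hidden".

```python
import os

# Extensions the article names as dangerous.
RISKY = {".exe", ".vbs", ".scr"}
# Document-like extensions often placed before the real one (assumed list).
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def normalize(name):
    """Windows ignores trailing dots and spaces in file names, so drop them."""
    return name.strip().rstrip(". ")


def shown_when_hidden(name):
    """Name as displayed when extensions are hidden (simplified: the last
    extension is assumed to be a registered type and is not shown)."""
    clean = normalize(name)
    stem, ext = os.path.splitext(clean)
    return stem if ext else clean


def assess(name):
    """Return (verdict, reason) for one attachment file name."""
    clean = normalize(name)
    stem, ext = os.path.splitext(clean)
    ext = ext.lower()
    if ext not in RISKY:
        return ("ok", "extension %r is not on the risky list" % ext)
    inner = os.path.splitext(stem)[1].lower()
    if inner in DECOY:
        return ("block", "double extension: displays as %r but runs as %s"
                % (shown_when_hidden(clean), ext))
    return ("block", "executable extension %s" % ext)


def triage(names):
    """Return only the names that should not be opened."""
    return [n for n in names if assess(n)[0] == "block"]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    samples = ["invoice.pdf.exe", "Holiday-Photos.JPG.SCR", "update.vbs ",
               "minutes.docx", "setup.exe."]
    for s in samples:
        print("%-26r %s" % (s, assess(s)))
```
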
If you do get infected, shut down your PC and disconnect it from the Internet and your network. This of course limits the spread of the infection. Also, cybersecurity experts say that paying the ransom should be a last resort. Avoid doing that if you can. The alternative of rebuilding infected machines is not great either, but it does discourage cyberblackmailers from coming back.
The sad news in all of this is that new WannaCry ransomware variants are expected to appear going forward for some time. And new malware of other types will also come calling to attack our IT systems. This will be the case no matter how small our offices are. The good news is that the seven points we've listed above will give you greater protection for your IT system against future online threats. At TechSoup, we want y'all to stay safe out there.
Image: portal gda / CC BY-NC-SA
I have about 2000 people on my VerticalResponse mailing list I'd like to send this article to. May I do so as long as I give credit to the author and TechSoup?
Hi senseigk, Yes, you are welcome to send it to your mailing list as long as you credit the author and TechSoup and link back to the original post.
Thank you. What is the correct link to the original post?
Hi senseigk, the link to the original post is forums.techsoup.org/.../what-you-can-do-about-ransomware.aspx
The most secure approach to ensure yourself is to abstain from clicking joins from obscure sources. Security specialists have unequivocally suggested all Windows clients completely refresh their framework with the most recent accessible patches.
"It is basic you introduce all accessible OS updates to avoid getting misused by the MS17-010 weakness," included Malwarebytes. Any frameworks running a Windows form that did not get a fix for this powerlessness ought to be expelled from all systems
This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.