How to Avoid Becoming a Victim of the Next Global Cyber Attack
Wanna Cry's rampant spread across devices scattered across the globe, one of the largest global cyber-attacks in recent memory, not only held sensitive information and networks hostage but the world's attention as well. The sensational story of leaked cyberweapons developed by the United States released by shadowy malware brokers coming back in the form of one of the most pervasive ransomware bugs is in itself headline material but the attack was able to bring to light perhaps an even more interesting story of how wildly unprepared many people and devices are for attacks of that level.
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
This time, those unfortunate enough to find themselves being held up by their own devices were able to walk away with their data and devices intact for the small price of $300-$600 USD, though the next wave of attacks, WCry is still predicted wreak havoc despite a patch and new iterations of the bug are sure to debut as new hackers try their hand at manipulating the code, may be devastating in ways we have yet to see.
How to Protect Yourself and Your Devices from the Next WCry
Malicious as WCry and other ransomware is, there are a few easy precautions everyone can take to protect themselves and ensure their devices are not compromised in the next round of worldwide cyber-attacks.
Always Exercise a Healthy Amount of Skepticism for Sources You are not Familiar with…
One of the easiest ways you can ensure your devices stay virus free and secure is by simply remaining alert and cautious anytime you are engaging with an unfamiliar source online.
This means…
- Not opening any e-mail attachments from not only unknown sources but inspecting any unsolicited attachments from contacts as more sophisticated hackers can often obscure their identity behind other infected devices.
- Practicing safe web browsing habits by always using add-ons that allow you to always connect to sites with the HTTPS protocol over HTTP, you can download the EFF's HTTPS Everywhere add-on here if you use Chrome or if you prefer Firefox here.
Remaining cautious when interacting with unknown sources is essential for maintaining your device's security, though websites you visit regularly and entries in your contact list should not be given free license to run freely. Unfortunately, the way many of the large scale bugs infect new victims is by turning each infected device into a potential weapon programmed to target those closest to itself. This does not mean you should never open another email again or become wary of your friends and co-workers but instead just remain aware of the potential harm while browsing safely.
Make Sure Your Devices are Always Updated with the Latest Patches
Often, after the first line of defense has been compromised and a virulent computer worm starts infecting devices the next step in ensuring the bug is stopped and your devices protected is updating your devices with any security patches released by a trusted source. As computer bugs spread across the globe, they catch the eye of security experts. The research and subsequent patches developed by security experts are the first response to global threats and essential in protecting your sensitive information.
Chances are many of your devices are set to automatically update whenever a new version of their software or connected apps becomes available, so all that is needed on your part is to check to see that all available updates have been downloaded and installed on your device. Though if you are using an older device or one that is not as widespread in popularity as others, your device may not automatically update its software, so any patches and updates released will have to be manually downloaded and installed to your device. In light of the recent WCry attack, Microsoft issued patches for its older operating systems. So if you are running an older Windows OS, you can download the WCry patch here.
Install Reliable and Trusted Anti-Virus Software on Your Devices
Even if you practice safe online browsing habits and keep all of your devices up to date with security patches, it is still best to install anti-virus software onto all of your devices.
As safe as you may feel by calling to confirm every attachment sent by your co-workers and hovering your mouse over every link, occasionally a threat may slip by you undetected.
Hackers often employ very sophisticated methods in trying to part you with your money and sensitive information. In some instances malware can be disguised in the form of image files or text documents, recent headlines within the tech community found that some hackers were able to exploit the subtitle files of movies to sneak into vulnerable devices undetected.
This is where reliable anti-virus software plays a vital role as the software is specifically created to detect any potential harmful bugs that can take over your device and leave you vulnerable. The software itself uses previously known exploits as well as known potential pathways for malware to check for hazards against its stored database keeping you and your device safe from hackers.
Though hacking is hardly a static science and is constantly adapting as criminals continuously evolve their methods and tools, making it essential that any software you choose is often updated.
Always Back Up Your Sensitive Data on External Sources
Ransomware works as its name intends. The malware, once inside your device, locks you out of your device while simultaneously demanding ransom for the release of your data.
In the particular case of the WCry bug, devices infected with the ransomware demanded that $300 be paid in bitcoin to the hackers within three days. Once the three days elapsed without payment, the amount would double and an extension of four days given to the unfortunate individual. If the week passed without payment, the bug would perform its last function, and the data on the device would be forever lost to the individual.
Though WCry targeted large networks with sensitive data, hackers could easily turn their sights to your own computer and attempt to hold you own data hostage. Scary as that sounds, you can subvert any attempts to take over your data by keeping back-ups saved to external sources. By constantly backing up important data on external drives you take away the main bargaining chip leveraged against you by hackers. As the technology driving data storage continues to streamline, it has become easier than before to maintain large amounts of data securely and at a relatively reasonable cost.
It is important to note that any data you store on an external device should be encrypted to prevent any unwanted eyes from gaining access to your most personal information. Stories of people buying used computers and hard drives finding droves of information still stored on the devices are not as uncommon as you would hope.
If the word encryption immediately makes you think you have to enroll in a CS course or plan a marathon of The Imitation Game, don't worry, some external drives come equipped with encryption built into the device, some even utilize a pin as the first line of defense against unpermitted access. There are also quite a few software programs that will encrypt your data for you available online, some like VeraCrypt are free of charge and straightforward to use.
But, What If My Device is Infected…
Unfortunately, even the best defensive measures can still fall prey to determined and talented hackers. So what should you do if you find your devices have become compromised and infected?
The very first thing you do with a compromised system is to isolate the device, which means disconnecting it from any shared networks and the internet. The next step is confirming that your device has truly been infected, this may be a little more difficult for specific types of threats that are not as bold as ransomware in announcing their presence, by running a malware scan.
If malware is detected, it is important that is removed entirely from the infected system before you reconnect your device to shared networks. Once the malicious code has been removed, you can begin to take steps to ensure that your computer is once again protected.
Update all of your anti-virus protections, browsers, your OS, and change any passwords you may have had, the malware may have copied any stored passwords, opening your computer up to another attack.
If you have found yourself the victim of particularly malicious ransomware and have a well maintained external disk containing vital information for the operation of your device as well as copies of all of your personal data, sometimes it may be better to wipe your device and begin with a clean slate completely. Though some devices vary regarding initiating a factory set, once initiated the reset restores your device back to the original condition you purchased it in, operating systems and memory-wise. After which just transfer your data back to your device from your secured copy.
It is worth noting that it is considered rather risky to back up data once a breach has been identified given malware tendency to hide within necessary files.
Only once you have backed-up and secured your device should you begin to use your device normally again.
Though the WCry bug was slowed before large scale devastation overtook the world's computers, the next wave of global cyber-attacks will build off of its failures, making the next wave that much more dangerous and underscoring the need to improve our focus on securing our devices and data. With a little bit of effort, you can ensure that the next WCry infects one less device.
See Infosec IQ in action
References:
- http://www.pcworld.com/article/243818/security/how-to-remove-malware-from-your-windows-pc.html
- http://www.pcmag.com/article2/0,2817,2492726,00.asp
- https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07
- https://www.veracrypt.fr/en/Home.html
- https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
- https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en
- https://www.thestreet.com/story/14147814/1/how-hackers-changed-their-style-in-the-wanna-cry-attacks.html
- https://blog.malwarebytes.com/cybercrime/2017/05/wanna-cry-some-more-ransomware-roundup-special-edition/
In this Series
- How to Avoid Becoming a Victim of the Next Global Cyber Attack
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness