There was a widespread outbreak of ransomware attacks based on a Windows vulnerability that was released a couple of months ago in NSA leaks. Ransomware typically infects a PC through a malicious website (less common) or through an infected link or attachment in an email (more common). The infection usually encrypts the user’s files and demands a ransom in electronic currency to recover them.
Here’s how you can protect yourself:
If you have a Windows machine, such as a personal laptop or home computer, please take a moment today to do a full round of Windows Updates and update any antivirus software you might be using. This should be a regular part of your routine. Try to turn on automatic updates and don’t delay them too often when they prompt you to install or restart – they’re important for exactly this reason.
Be careful opening email attachments, particularly if they appear to be from Dropbox, DocuSign, or a Realtor® but contain vague instructions about a contract or financial transaction—the kind of email that looks like it might be something a Realtor sent you by accident or was intended for someone else. See example below.
In this example, the “payload” of infected code is in a link in the PDF attachment. The text of the email itself has no malicious links and contains real information for an actual Realtor®. We called that member and she’s dealing with hundreds of these being delivered to her contacts and people she doesn’t know—myself included—but is at least aware of the issue and taking steps to handle it.
Unmask links in your emails to inspect them before clicking them or downloading attachments. If you hover over a link, you can see where it goes without clicking it. If the URL in the preview goes to an unfamiliar website or location (particularly if the email you’re looking at purports to be from Dropbox or DocuSign but the domain in the URL is something totally different) Example below:
Remember that most of the effective, complex attacks that can compromise even systems with good security like ours tend to rely on code being executed in other programs, like Adobe Acrobat. Many of the serious infection risks occur when a new vulnerability is discovered in how computers handle external files, like PDFs. You can mitigate a lot of risk simply by not downloading attachments from emails that appear suspicious. The whole purpose of these emails being vague and somewhat confusing is to get you to click on the attachment to see if it clarifies things.
Don’t fall for it. Just delete it and move on. If it’s legitimate or important, the sender will contact you again. If you’re not expecting it, it’s probably not something you want. This is a good thing to remember with emails you send, as well – don’t send members or other staff an email that’s just an attachment and no text, or something similar. Take a moment to write at least a one-sentence description of what the purpose of your email is, even if you just talked to the person about it. At the very least, it will help if they (or you) need to search for it later.
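The hover check described above (comparing where a link really goes with what the email shows or claims) can also be run over an email's HTML body. This Python sketch is an added example, not part of the original advisory; the brand-to-domain allow-list and the sample links are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of domains each brand really links to.
BRAND_DOMAINS = {"dropbox": {"dropbox.com"}, "docusign": {"docusign.com", "docusign.net"}}

def host_of(url):  # lower-cased hostname without a leading "www.", "" if unparseable
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL in untrusted input
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Heuristic: return (href, reason) for links whose destination contradicts what the reader sees."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        # Visible text counts as a URL only if it is a single token containing a dot.
        shown = host_of("http://" + text.split("://")[-1]) if "." in text and len(text.split()) == 1 else ""
        brands = [b for b, doms in BRAND_DOMAINS.items() if b in (text + " " + host).lower()
                  and not any(host == d or host.endswith("." + d) for d in doms)]
        if host and shown and shown != host:
            findings.append((href, f"text shows {shown}, link goes to {host}"))
        elif host and brands:
            findings.append((href, f"mentions {brands[0]}, link goes to {host}"))
    return findings

# Constructed sample email body (not from the page): links 1 and 3 should be flagged.
SAMPLE = ('<a href="http://files-share.example/doc.pdf">View on Dropbox</a>'
          '<a href="https://www.docusign.net/sign/1">Review in DocuSign</a>'
          '<a href="http://login.example.net/">www.dropbox.com/s/contract</a>'
          '<a href="https://www.dropbox.com/s/abc">https://dropbox.com/s/abc</a>')
```

Calling `suspicious_links(SAMPLE)` returns the first and third links with the reason each was flagged; the two links that really go to the named service are left alone.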
Here are a couple of links that might be helpful:
Update your Windows systems now. Right now. – Washington Post Story
Microsoft Windows Update Instructions – via Microsoft
Microsoft Ransomware Information – via Microsoft
One additional note on ransomware: You should always back up important files, but if you are attacked by ransomware and you have no other option, it’s worth noting that paying the ransom to decrypt the files and retrieve them usually does work. These schemes wouldn’t exist if there weren’t a real mechanism for you to recover the files, and the hackers don’t have any motivation to leave your files encrypted—they just want to get paid.
If you have no other option to retrieve your files and are considering paying a ransomware demand, please feel free to call us to discuss the matter and we can advise you. Paying the ransom does not usually expose you to any additional infection risk. Any system compromised this way should have Windows fully re-installed from scratch anyway, so in some cases paying up might be the lesser evil. We’re here to help, and if you have any questions on the subject, please don’t hesitate to ask.