The NSA’s Virus Can Still Destroy Your Data, Here Are 5 Ways to Make Sure It Won’t
By Claire Bernish
Thanks to the NSA’s apparent lust to know and see everything, an agency-designed ransomware virus was unleashed on the planet yesterday, leaving anyone using a Windows system — corporations, governments, and even those who only post cat pictures online — vulnerable to exploitation for a price.
That price — $300 in Bitcoin, increasing after a given time period — would theoretically have to be paid in order to rid the infected computer of the WanaCrypt ransomware, or the victim would lose everything on their system. Ransomware literally holds your data hostage until the fee asked by attackers is paid — but if you don’t pay, you lose everything.
WanaCrypt0r, alternately known as WanaCry, WanaCrypt, or WCry, is believed to have infected no fewer than 126,500 computers in 99 countries prior to the threat being partially abated — but not before it had wrought havoc on the U.K.’s National Health Service, FedEx, the Spanish telecommunications company Telefónica, and other systems around the globe.
“This is one of the largest global ransomware attacks the cyber community has ever seen,” Splunk director of threat research, Rich Barger, told Reuters. Splunk is one of several firms that traced WanaCrypt0r’s origins to the National Security Agency.
Analysts say the particularly infectious worm exploited a Microsoft software flaw, and, although the company issued a patch in March after identifying WCry in February, not all users had updated their systems accordingly.
Cybersecurity experts worked at a fever pitch to stop the malicious worm, but it took what the Guardian termed an “accidental hero” to bring a tentative halt to the pandemonium. Reports the outlet, a Twitter user, “tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a ‘kill switch’ in the malicious software.”
He “halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware” and “has warned the attack could be rebooted.”
And payment of the $10.69 registration fee — temporary, though the end to the exploit may be — was all it took.
A significant risk could still be lurking — after all, the attackers used tools designed by the NSA, whose entire collection of older hacking tools was leaked online last month by an entity calling itself the Shadow Brokers, and WCry could yet mutate or be altered — but there are a few ways to stay safe and prevent having precious data and files wrested from you.
- Update, update, update
As tech outlet Tom’s Guide notes,
“If you’ve not installed the March, April or May Windows Update bundles, do so immediately. It’s worth shutting down your system for a few minutes if it gives you a chance to avoid this.”
Windows Vista users will be protected through the March or April update bundles, and Microsoft has since issued a patch for Windows XP and its 2003 server — while the company released information to help customers cope with the ransomware virus.
- Don’t fall hook, line, or sinker
Although WanaCrypt exploits the aforementioned Windows vulnerability, people must be vigilant — as always — not to fall for online phishing schemes, as this malware could also have been spread randomly in hopes people would open email from an unfamiliar source.
Be exceedingly cautious when visiting websites and opening attachments — WanaCry could be ready to pounce. Use common sense — and pepper it with extraordinary discretion.
- Back it up
Cybersecurity experts constantly harangue the rest of us to back up important data and files, and — while that directive might generate an eyeroll, and grumblings about time and energy — backing up one’s system is an imperative which now cannot be ignored.
Storing vital information in a secondary location, such as a USB storage stick or external hard drive, could save you tears and headaches in the long run — particularly if WCry or another variant takes control of your system. Cloud storage could be an option — depending on which cloud you use, as the original NSA leaker and insider, Edward Snowden, has warned — but would also leave your data vulnerable in other ways.
- Get your defenses up
Install solid, reputable antivirus software — particularly one targeting ransomware — as a line of defense against the intrusion. Experts now say WanaCrypt appears to be “wormable,” which, Tom’s Guide explains, means it spreads
“from system to system by itself as a computer worm, rather than relying on human interaction as a Trojan horse, or infecting desktop applications like a traditional computer virus.”
Since most antivirus software protects and updates in real time, even if the worm breaks through your defenses, RT points out,
“chances are good that within a short while an automatic antivirus update will clear the intruder from your system. Most antivirus companies offer trial versions free of charge to test before subscribing for a paid service, which should be enough if one needs to urgently remove a stray malware.”
“If you have up-to-date malware protection software from a reputable cybersecurity company such as Avast installed on your computer, you are probably protected. Check your cybersecurity company’s website to make sure you are. WanaCry is a world-wide, runaway threat. If your cybersecurity company’s website has nothing to say about it, don’t assume you are protected. Make sure you are running the current version of Windows.”
- Keep your money
Perhaps the most basic instruction most analysts and security pros emphasize is also difficult for many to swallow. Don’t shell out the money they’re demanding — be it Bitcoin, dollars, gold, or any other iteration.
Of course, those holding your files hostage for money hope to exploit you in two insidious ways — first, by locking down your data, but second, through the emotional panic that results from having your critical files abruptly unavailable. That alarm pumps you full of adrenaline, and could provoke a response which seems the simplest solution in the moment — forking over the funds.
If you do that, cybersecurity analysts say, no guarantee exists you’ll actually get your data back — and your willingness to pay could make you a target for future exploits — which, again, could be coming around anytime.
Considering the scope of the documents leaked by the Shadow Brokers, virtually anything could be possible now. This basic list will only help to an extent, and should not be considered comprehensive — nor should it be considered, of course, expert advice.
That said, the precautions offered are a bit better than leaving your system naked to malicious infection.
That “accidental hero” credited with truncating the worm’s virulent proliferation admonished the public to be wary and alert, because — although altered or ‘improved’ iterations of WanaCrypt have yet to appear online — “they will.”
“This is not over,” he told the Guardian.
“The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.”