The price of online freedom is eternal vigilance. That’s the lesson cyber thugs keep shoving in our faces with attacks that steal identities, freeze networks, and make computer data disappear. Most recently, the extortion ransomware called WannaCry (or sometimes WannaCrypt) took out older Windows operating systems running crucial networked computers for hospitals, universities, and car factories, from Britain to Russia, India to Taiwan, in Latin America and Africa. The spread to the United States was stymied by a computer whiz who uncovered a blocking strategy.
Some accusatory fingers have been pointed at Microsoft for creating software patches back in March but then not yelling “Update your software, people!!!” Sure made for an impactful “upgrade” lesson.
Worming in as a viral email zip file attachment, WannaCry can attack only vintage Windows 8 software and the older, more popular Windows XP operating system, which Microsoft stopped supporting in 2014 after offering a free OS upgrade to those who had paid for the software. But lots of operations were lax or ran bootlegged versions of XP.
And let us not ignore where WannaCry came from. It was stolen by hackers, reportedly North Koreans operating inside China, from the cyber-weapons arsenal of our own National Security Agency. So we have met the enemy and it is us.
As Federal Trade Commissioner Terrell McSweeny suggested on C-SPAN, some blame for invasions and lockups can be put on internet service providers, which could be better gatekeepers, and on companies that make easily hacked IoT (internet of things)-connected gadgets.
The FTC is now bringing action against dozens of hardware makers that don’t follow “best practices rules” to safeguard consumer privacy and security, she said. And the commission would press broadband service providers harder to do the right thing, were its mission legally blessed by Congress and not being challenged in federal court (by AT&T Mobility).
So where does all that leave us consumers? Don’t wait for Congress to rescue you. It’s time to take the law into your own hands.
- If you’re still running Windows XP, 8, or the newly support-expired Vista OS, buy Windows 10 software. Or better, a brand-new computer. As the gang at Lifewire point out, even a new entry-level $500 PC will run circles around your old XP-fitted model. If you think WannaCry is the last bit of ransomware you’ll ever see, just download the patches that Microsoft has made available for older versions of Windows: XP SP2 x64, XP SP3 x86, XP Embedded SP3 x86, and other iterations.
- Turn on the Windows Update auto-patching feature on your Windows 10 computer that you turned off because it was so annoying. It used to be that those updates would rudely take over a computer as soon as a user signed on, disabling the machine for five to 10 minutes. That quirk has largely been eliminated in the Creators Update.
- You’ve probably heard the mantra that backing up all your data to an external hard drive or the cloud will save your butt if your computer crashes or is locked up. But know that creepy ransomware has long tentacles and can lock up backup devices and even cloud storage, too. So it’s wise to disconnect the hard drive as soon as you’re done with a data transfer. Or use a cloud service like Dropbox that offers “automatic versioning.” (It recovers an earlier version of the data if the last version has been encrypted.)
- With vulnerable browsers and plug-ins such as Flash or Java, malware can sneak into your system when you visit a tainted site or tap on the wrong link or pop-up advertisement (often touting, ha ha, fake malware-protection software). To improve the odds, keep your browser and associated plug-ins up to date. And hover over a hyperlink (without clicking on it) to see if it points you to someplace strange.
- Invest in an antivirus solution. Bitdefender and Norton are old reliables, though the latter sure took its good time before informing users that WannaCry had been neutralized. If your security suite is old, it might not have any protection against ransomware. To fill the gap, install a dedicated, free utility such as Cybereason RansomFree and Malwarebytes Anti-Ransomware.
- Don’t be a dodo and click on an email attachment from an unknown source. Or even from a sender that seems familiar but a little off. Say, the sender’s name or message has a spelling error. Or the enticement is vague: “Hey, look at this!” If in doubt, write back to an address you know. And spread the word to the IT department: “If you see something, say something.”
- Don’t pay the WannaCry ransom ($300 in Bitcoin, per terminal). The culprits aren’t dipping into the kitty and the promised unlocks aren’t happening, reported Chris Wysopal, CTO of application security company Veracode.