The threat posed by the WannaCry ransomware remains unchanged, as the German Federal Office for Information Security (BSI) recently announced. WannaCry does not spread via e-mails as usual, but via a security hole in the Windows operating system. To protect users, the BSI advises them to apply the corresponding Windows security update(Microsoft patch MS17-010).
What is Ransomeware?
Ransomware is a combination of the words "ransom" and "software" and refers to malware that blocks access to the user's own files after infecting the computer. The user is only supposed to regain access after paying the required fee. In most cases, however, the payment does not guarantee the permanent release of the files or the device, but rather additional demands. So that no conclusions can be drawn about the extortionist, the "ransom" is supposed to be paid using anonymous means of payment, such as Bitcoins or Paysafecards.
How can you protect yourself?
- Make regular backup copies: The most important files can be stored on external data carriers such as a cloud storage service or a USB hard drive. The hard drive should not be permanently connected to the computer, otherwise it could also be infected in the event of an attack. Information and tips on the subject of backups can be found on bee-secure-lu.
- Carry out regular updates: The latest update versions should always be installed for the operating system and antivirus software. Although this does not provide ultimate protection, it makes it much more difficult for attackers, provided that old security holes have already been closed and the virus software is up to date.
- Healthy distrust: Suspicious e-mails and their attachments should not be opened or accessed. With the 3-second security check from the BSI, the risks can already be reduced. Sender, subject and attachment are three critical points that should be considered before opening any e-mail.
What if it does happen?
Ransomware is a digital form of ransomware used by organized crime. The BSI recommends that all those affected do not respond to the demands and do not pay a ransom. There is no guarantee that a functioning decryption program will be provided after payment of a ransom. Instead, each successful extortion proves the success of the attack method and motivates the attacker to commit further crimes. Ransom payments thus directly finance the further development of the malware and promote its spread. In addition, each ransom paid increases the likelihood for the victim to become a victim of extortion again, perhaps even via targeted methods. (Source: BSI, Ransomware situation dossier, as of May 2016).
More on the topic
- Microsoft: Security update from Microsoft dated March 14, 2017 (MS17-010)
- BSI: Ransomware situation dossier
- BSI press release of 15.05.17: Update: Worldwide cyber security incidents caused by Ransomware
- klicksafe topic area: Protecting the PC
- BSI brochure: Surfing, but safely!
- BSI topic area: Malware
- BSI topic area: Spam, phishing & Co