On Friday a ransomware attack hit tens of thousands of computers around the world before it was (at least temporarily) stopped by a security researcher who found and activated a killswitch. But it’s possible the developer of the malware could tweak the code and try again, so the best protection is to make sure your computer’s software is up to date.
The good news is that Microsoft already released an update that patches this vulnerability in March. The bad news is, as we learned this week, many computers haven’t had that update installed yet… and some weren’t even eligible.
Although anywhere from 5 percent to 7 percent of the world’s computers run Windows XP, official support for the operating system ended years ago… which means Microsoft typically doesn’t release any bug fixes, security updates, or any other new code for Windows XP. But the company is making an exception to patch this particular security issue.
Microsoft is making an update available for all users running Windows XP, Windows 8, and Windows Server 2003. Since those operating systems only get automatic updates if you’re paying for “custom support” you won’t get the patch via Windows Update. But you can download and install the update directly from Microsoft.
If you’re running a version of Windows that is actively supported, odds are that you already have the patch, but you should probably check to make sure that your system is up to date (if you haven’t “installed updates and shut down” or rebooted in a while, now’s a good time to try that).
Microsoft has also added WannaCrypt detection to Windows Defender. And the company notes that Windows 10 was not targeted by the attack.
And generally speaking, one of the best ways to protect yourself against ransomware is to regularly back up the data on your computer to a system that uses versioning, whether that means copying everything to an external hard drive or a cloud-based backup service like Carbonite or Crashplan.
That way if a ransomware attack encrypts all the data on your computer and demands payment before it can be unlocked, you can wipe your system, reinstall your operating system, and restore data from a backup. But the reason you want versioning is so that you can restore versions of your files from before they were encrypted by the ransomware. If your backup only includes the latest version of each file on your computer, once they’re encrypted on your main drive they’ll also be encrypted and password-protected in your backup.
By the way, the story of how @MalwareTechBlog temporarily halted the WannaCrypt attack is kind of interesting. In a nutshell, the malware included code that allowed its developer to shut it off at any time (possibly not because a killswitch was needed, but in order to help the virus avoid detection in some circumstances). But that technique provided a way to render the malware relatively harmless… for now: the software checks a specific URL to see if that website is active. If it is, the virus does not infect a computer.
The developer never actually registered that domain name though. So a third-party was able to do so and then make the website active, thus causing the ransomware to go dormant… although it’s possible the person or persons responsible for unleashing it could remove that killswitch and re-release it. So make sure your computer is up to date.