As a massive new ransomware attack spreads around the world, the question most of us face is how we protect ourselves from it. The bad news is that you can’t completely insulate yourself from ransomware, but the good news is that protecting yourself is easy, and you might even already be doing it.
Let’s start with what ransomware is. As the name implies, it’s malware that blocks access to your files, usually by encrypting them, and then demands money, usually in the form of Bitcoin, in exchange for returning your data.
Some ransomware will have a countdown timer that locks your drive for good, and paying the ransom is no guarantee, of course, that you won’t get hit again. Wannacry, the ransomware attack you’ve been reading about since Friday, is unique in that it uses a flaw in older Windows systems to propagate itself; usually ransomware is downloaded by accident, or presenting itself as some other form of software, which dates all the way back to 1989 when it was distributed on floppy disk.
Ransomware isn’t as common in the US as it is in some parts of the world, notably Russia, but it still turns up fairly regularly. Most ransomware, however, is designed to exploit people’s ignorance of computers and failure to perform basic protections. So, in many cases, some simple common sense will protect you.
First, back up your important files. The files you don’t want to lose shouldn’t be stored in just one place. Keep work files, family photos, and other stuff you want to retain no matter what stored on a flash drive, in the cloud, or on another hard disk. Also be sure to regularly back up your system, and keep the backup separate from your drive. If you’re willing and have the space, consider partitioning your hard drive to keep work and personal use separate. If worse comes to worst, you can simply wipe the drive and restore from your backup.
Second, and we’ll repeat this until people stop doing it, never click on a link you don’t trust or that seems fishy. The vast, vast majority of hacking attacks are sending out millions or even billions of spam emails looking for the .1% of people who will click the link. If a friend sends you an unexpected file, contact them about it before you open the email. If it’s an email from your bank about your account, call your bank directly instead of following the link. In short, when in doubt, don’t click.
Always update and patch your operating systems and software. A lot of pain could have been saved by people around the world if they’d just updated their systems back in March, when Microsoft issued a security update to fix the problem. Similarly, you shouldn’t pirate or use unlicensed software as it doesn’t automatically update, leaving you vulnerable to attacks. Russian businesses (and even government offices) have a taste for unlicensed software, which is part of the reason they were so hard hit.
Use a strong, free anti-virus program, such as Windows Defender or Sophos for Mac. And yes, if you run a Mac, you need an anti-virus program; don’t kid yourself that Macs are magically virus-free. Anti-virus programs are not worth paying for, since they only protect you from threats the company already knows to exist, but a good free program will block old ransomware and can be invaluable to have around.
There’s no perfect solution for stopping ransomware, and we all make mistakes. But with a few small changes, we can limit the damage.