What you should do RIGHT NOW so that you don't "WNCRY" later

May 15, 2017


First, if you are reading this using Windows XP, stop now and update your system. Come back to us… We’ll wait.

Seriously. Go. Now.

Chances are you have heard something about the “Wanna Decryptor” worm. To date, up to 300,000 computers have been infected in at least 150 different countries with malware designed to lock the data on the computer away unless a ransom is paid to the makers of the software. While most of Cascade’s clients, partners, and certainly our employees are using operating systems not affected by this specific event, it’s important to understand that malicious code and techniques used for an ever increasing number of undesirable purposes are constantly evolving. As a rule, the completely unaffected software of today is tomorrow's most target-rich environment.

Fortunately, there are some basic steps you can take to immediately mitigate much of the risk posed by WNCRY and other similar pieces of “ransomware.”
  1. BACKUP: You’ve been hearing it for years but if you haven’t started already, back your system up. The reason this is critical when fighting against ransomware is that if someone is infected with the WNCRY trojan, they have three options:
    1. Pay the ransom.
    2. Lose ALL the data.
    3. Simply restore from a backup.
      A sufficiently large external hard drive will suffice. Alternatively (or in addition) there are several affordable cloud based options that will save you when the time comes. As an added bonus, “off-site” backups also saves your from the almost inevitable hardware failure. We have found both Backblaze and Crashplan to be good options to look into.
       
  2. UPDATE: Always keep your software up-to-date. Turn on your operating system’s automatic update feature. Microsoft, Apple, and other OS creators do their best to provide proactive software updates to head issues like this off.
     
  3. ANTI-VIRUS: For most desktop environments, there are several reliable and affordable anti-malware software suites available. Do a bit of research, pick one, and keep its definitions up to date.
     
  4. OTHER:
    1. Use password management software to generate, store and recall strong, unique passwords. We recommend either 1Password or LastPass for password management.
    2. Use Two Factor Authentication on all services you use where it’s offered. Password will be compromised. If someone were to obtain your password, this will stop them dead in their tracks unless they physically steal your phone or trick you into giving them the code each service sends you.
    3. Use your operating system's firewall and/or disk encryption features.
As a rule, we handle the data that makes up our clients’ websites using these same practices, and we also strongly recommends that our clients, partners, and friends take any of these steps available to secure their own data as well. We do our best to keep your website safe but it’s obviously important that you keep your own computers safe too.

One final note is that it might be easy to overlook your mobile phone in terms of the advice here, but because of the amount of personal information that is stored on your phone, they are becoming arguably the most sensitive devices most of us own. They contain not just important passwords and other personal data, but often contain health records, geotracking history, financial data, and more.

Photo by Christiaan Colen