This is extremely important information for both your home and your work computers. Please take the time to read all of it and make sure you understand it. Contact me if you need more info or have a question. And by the way – Macs are NOT immune.
FYI – If you are not backing up your files you are playing Russian Roulette with your data every single time you open an email. I highly recommend that you assess your current backup solution or your backup needs. Please contact me to schedule an appointment and I will help you protect your data.
There is a massive wave of ransomware spreading around the world today. You can read about it on almost any news site this morning, but here are a couple of examples. The first one even shows how many major services have been shut down around the world. If you only read one, make it that one –
You can also click here to download my Ransomware booklet. I will be revising it shortly to bring it up to date, since some things have recently changed, but the information is still current.
This is no joke – this may be the worst computer threat we have ever seen. If you are a business with a network of computers this has the potential to put you out of business.
The short version of this message is – Ransomware will arrive in an email with an attachment. Trust nothing, do not open any attachment unless you are completely certain you know who sent it and what’s in it. Delete the email and then contact the sender to verify they really did send it, or if it came from a company (UPS, IRS, etc.) delete the email and call them directly to find out if they really are trying to contact you. Do NOT download ANY attachment.
If you do become infected, IMMEDIATELY shut down your computer. Don’t think, don’t wait, pull the plug or hold down the power button till the computer shuts off. Then, immediately contact an IT professional for help.
Please read on to learn how to protect your personal or business data. Yes, it’s long, but it’s important.
Ransomware has been a big problem for the last two years but it has now begun to enter into a new phase. In the past, the bug would usually take out your computer, and another computer only if it had a shared resource like a mapped drive, for example – if you had a bunch of shared files on a T:\ drive. However, this new variation no longer needs that link to spread.
The strain which is currently spreading can infect other computers if they are connected to the same network, mapped drive or not. So, if you are sitting in Panera or Starbucks and using their WiFi, and someone in the building clicks on an attachment that’s infected, the virus will very possibly jump to your computer as well.
Make sure you understand that – if any computer on any network gets infected while you are on the same network, there is a very good chance you could be infected as well.
If you are infected with ransomware the virus will encrypt all of your files. That means the files will still be there on your computer but you will not be able to open them. If you are infected the virus will pop open a document with a countdown timer and a message telling you it has taken over your files and “here’s how to pay the ransom and get them back.”
You cannot recover your files once they have become encrypted.
Got that? You cannot reverse the damage except by recovering your files from backup or by paying the ransom.
If the countdown timer on the infected computer runs out, the ransom doubles. This is one of the bigger problems with this infection since most people are not set up with a bitcoin account and that is how they will demand payment. It takes a minute to set up an account and it is not very easy to do, so the ransom may double before you can pay it. The demand may start at $300 to $500 but will increase once the timer runs out, and the timer will reset again but at the higher demand.
Short version – if you don’t pay within 3 days the ransom will double and the timer resets. If you don’t pay in another three days the ransom will double again and the timer will reset. Lather, rinse, repeat.
In some cases, the virus will give you two or three timer resets to pay, and then delete your files completely if you don’t. If that happens that data is gone. Seriously gone.
No amount of money, praying, or begging will get your documents or baby pictures back. The only option is to pay the ransom before the timer runs out.
So how do you protect yourself? Education and backup are your only defenses. If you are the owner or leader of a business you must inform and educate your employees as well.
There are a few steps you can take to protect yourself from becoming a victim and having to pay the ransom. No, that is not the best answer, but in too many cases it’s the only one since it’s the fastest solution to getting your business back up and running.
First – make sure your computer is up to date. For Windows 7, make sure Automatic Updates are turned on and actively running. On Windows 10, updates are turned on by default and you cannot easily turn them off. But you should still make sure they are on. To check if updates are turned on and working click here and scroll halfway down –
Second – BACKUP YOUR DATA. Let me put that a different way – BACKUP YOUR DATA. Or, I could say BACKUP YOUR DATA. There are a bunch of easy ways to get this done now, so you have no excuse not to. Backup is critical now.
For home computers –
Carbonite – I have never been a big fan of Carbonite in the past but they have recently added a much needed feature. You can now recover old versions of your files. That means you can reach back to the day before the infection and recover your data.
Amazon Cloud Drive – If you sign up for Cloud Drive, Amazon will back up all of your data for a flat fee per year. Look under your Amazon account settings for Cloud Drive. Cloud Drive will back up your stuff and then close the link and isolate your stuff.
DO NOT rely on a portable hard drive or thumb drive for your critical data. Use one of the solutions above. If a USB drive is connected to an infected computer it will also become damaged. If you are going to use a USB drive to store your backup data, you MUST unplug the drive when the backup is done.
For Business Data –
JungleDisk – This is the best option for business computers. JungleDisk will also allow you to go back in time to recover your data, and JungleDisk is the most cost effective way to protect your files. JungleDisk will also allow you to use one account to manage all of the computers that contain important data. The one catch is, although it is the best small business backup product, it’s not the simplest product to set up. However, that’s why I’m here.
There are other products but after 20 years of watching people lose important stuff these are the only three I recommend. They are reliable, full featured, and cost effective products.
Third – EDUCATE. You must understand the threat, and you must educate your family, your employees, or anyone else who could introduce the virus into any network you share.
The most important thing to keep in mind is that ransomware is almost always delivered through email. It will arrive as an attachment which usually needs to be unzipped. The email will usually say something like Invoice Attached or Shipment Processed, or UPS Notice, etc. The email title will usually be something that makes you feel like you need to open the attached file. Don’t do it, don’t download the attachment.
You must question everything. You must read the email carefully. Do not assume it’s OK because it looks official, or because someone you know sent it. There are easy ways to fake the sender address, so very often a virus will raid a computer’s contact list and then send itself out at random to the other people in your list as you.
You must question everything. Read the email and make sure it matches up with the fact that there is an attachment. In other words, if you receive an email from someone you know and there is an attached file you were not expecting – does the body of the email make sense? Does it sound like it’s from the person who sent it? Were you expecting an attachment from that person?
If the answer is No, or you are even just a little unsure, do not open the attachment. Delete the file, then contact the sender and ask if they did send you the attachment. If they did send it they can just send it again.
The same goes for any other email: if it includes an attachment and you were not expecting it, delete it and then go to the source. If you receive an email from UPS that says something about a delivery, delete the email and then go to their website or call them to check if it is real. Do NOT assume something is what it appears to be. DELETE, DELETE, DELETE.
Education is your number one defense. Make sure you and your family or employees know what to look for and how to react.
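For anyone who manages mail for a family or an office, the same questions can be asked of a saved message automatically. The script below is an added example, not part of the original article; the sample messages, addresses and file names are constructed, and the Reply-To comparison is an assumption used to illustrate a faked sender.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Lure phrases named in the article; matching is case-insensitive.
LURE_SUBJECTS = re.compile(r"invoice attached|shipment processed|ups notice", re.I)

def domain_of(header_value) -> str:
    """Domain part of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_message: str) -> list[str]:
    """Return reasons to verify with the sender before touching the attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", ""))
    if LURE_SUBJECTS.search(subject):
        reasons.append(f"subject uses a common lure phrase: {subject!r}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            reasons.append(f"attachment has to be unzipped: {name}")
    # Assumption (not from the article): a Reply-To on a different domain than
    # From is treated as a hint that the visible sender may be faked.
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        reasons.append(f"replies go to {reply_to}, not {sender}")
    return reasons

def build_sample(subject: str, reply_to: str = "", zipped: bool = False) -> str:
    """Constructed test message; every address and file name here is made up."""
    m = EmailMessage()
    m["From"] = "Delivery Notice <notice@carrier.example>"
    m["To"] = "you@home.example"
    m["Subject"] = subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please see the attached file.")
    if zipped:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename="Invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    suspicious = build_sample("UPS Notice - Shipment Processed",
                              reply_to="billing@mailer.example", zipped=True)
    for reason in triage(suspicious):
        print("CHECK FIRST:", reason)
    print(triage(build_sample("Lunch on Friday?")))
```

An empty result only means none of these three signs were present; it does not mean the attachment is safe to open.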
Other important things to know –
No antivirus or malware product can protect you. Do not listen to anyone who tells you otherwise. Malwarebytes, Kaspersky, BitDefender and some other big companies have all released statements making it clear that they cannot protect you from ransomware. Because of the way it is delivered, you are kind of inviting it in and walking it past the guard at the door. Once the virus is launched the antivirus product may react, but the damage will already be done.
Bitcoin is safe, but a bitcoin account is a challenge to set up. It is sometimes easier to find a friend who already has one, but if you are running a business it is a good idea to set one up ahead of time and stock it with $300-$500. Paying the ransom will be your quickest option, so if your business depends on a computer such as a point of sale, or your business’s server and all of the company files are infected, you may need to pay the ransom just to keep your doors open.
Pay the ransom if it’s the fastest way to get back on your feet.
You can protect yourself, and you can avoid becoming the next victim of ransomware. Please, please back up your data, and please educate your users. Do not use a shared WiFi source like a coffee shop right now. And of course, do not download or unzip ANY attachment unless you are 110% certain you know what it is. If it’s a .Zip file it is almost certainly bad news for your computer.
You are your own best defense against ransomware. Back up your data, educate your other users, make sure your version of Windows is completely up to date, and trust nothing. Know how to react if you do see unusual activity on your computer – kill it immediately. Do not rely on antivirus to protect you; be your own “bodyguard”.
There is no other way to protect your important family data, or your business operations.