UPDATE 05.25.17: Here’s Connecting Point’s Service Manager, Jason Kellogg (among others), in an interview about WannaCry and other ransomware hitting systems right here in the Rogue Valley. (Courtesy NBC5, aka KOBI Channel 5, the local NBC affiliate.)
You’re probably safe. But you really should make sure—now.
The first reports came out of Britain last Friday: The National Health Service found some of its Windows PCs under attack by a virulent piece of ransomware named WannaCry, foisted on vulnerable systems by a group calling itself Shadow Brokers. Then it attacked Germany’s national rail system. WannaCry exploits a critical vulnerability in Windows computers, a vulnerability that Microsoft had issued a patch for back in March. But for those not diligent with their operating system updates, many found their computers completely unusable, with a pop-up message informing them that their files were encrypted and locked. To release them, they needed to pay a ransom of £230 (about $300) to a BitCoin account.
By Monday morning, the attacks had surfaced globally, in particular in China, where many computers run on pirated versions of Windows and thus cannot be patched. The extortion scheme has now spread to 150 countries. Microsoft has pointed a finger at the U.S. government’s National Security Agency (NSA), which created hacking tools enabling this type of cyberattack – and then had them stolen by hackers. Ironic.
So are you at risk? If you’re using a licensed copy of Windows and have up-to-date security software installed, you’re probably fine – but let’s make absolutely certain.
Which versions of Windows are at risk?
WannaCry take specific advantage of a vulnerability in older Windows operating systems to infect and encrypt. These versions are Windows 8, Windows XP, and Windows Server 2003. If you’re currently running Windows 10, Windows 8.1, Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 and have been diligent about system updates, you’re fine.
Here are some steps you can take to protect your PC from WannaCry:
- If you don’t have a recent backup, make one immediately. Once WannaCry encrypts your files, your options become very limited. Restoring your system from a backup is one of them – but you can’t make such a backup retroactively. As we tell our customers: You should assume at all times that, 30 seconds from now, everything on your computer will go away… forever. You should always have multiple current backups, with at least one of them kept off-site (in case of fire or other disaster). Talk to one of our sales or service specialists about implementing a robust backup strategy as soon as possible.
- Make sure you have the latest Windows updates and patches installed. As mentioned above, the security vulnerability that makes WannaCry and other attacks possible was identified and patched by Microsoft a couple of months ago – but it only works if it’s been installed. Windows 10 checks for updates on a regular basis, then downloads and installs them automatically. But in light of this recent attack, you should check to make sure you have the latest updates installed. To do this, click the Start button, then go to Settings > Update and security > Windows Update, and select Check for updates. Windows XP users can download a special patch Microsoft created to address this vulnerability. Find out how here.
- If you’ve turned off Windows Update, turn it back on. Many users, weary of constant updates and patches, disable this important feature. Better to deal with a bit of inconvenience than risk infection by malware.
- Use a good Internet security suite. PC Magazine has an in-depth review of the current offerings here. Get a good one, install it, and keep it updated.
- Bring your co-workers into the loop. At your next staff meeting, budget time to go over “best practices” for using office computers. A good place to start: Don’t click on questionable links, and don’t open suspicious attachments. IT administrators should restrict user access to the company network to just the areas they need to do their jobs.
- If you’re attacked, don’t hesitate. Act. Shut down the entire network immediately. Ransomware often threatens dire consequences if you turn off the computer or disable Internet access, but that is rarely the case. Security experts and law enforcement agencies warn against paying ransoms, since this only encourages fresh attacks further down the road. And paying the extortion fee does not guarantee your files will be unencrypted.
- Get a Mac. While no longer immune to all viruses and other malware, Mac systems are far less prone to such infections. (The exception would be if you are running Windows on your Mac via something like Boot Camp or Parallels. Windows running on a Mac is just as vulnerable to WannaCry and other PC malware as any other Windows computer.) The same holds true for users running ChromeOS, Linux, or mobile operating systems like iOS and Android.
The experts at Connecting Point can offer assistance in making the transition from Windows to Mac as painless as possible (we’ve done it literally thousands of times). We even offer a monthly class to ease your switching journey.
Guest post by Vound Software and Ghergich & Co.
Computer webcams, home security systems, and baby and pet monitors allow us to stay connected 24/7. These camera-enabled devices allow us to video chat with family members and work contacts and keep tabs on the safety of our homes, pets, and children with ease. But all this connectivity opens us up to some serious vulnerabilities. Cyber hackers can gain access to some of our most intimate moments if we don’t take the proper precautions. Thankfully, there are ways to protect ourselves-beyond covering your computer webcam with masking tape. Check out the infographic below to better safeguard your devices.
Are Today’s Cameras Cybersecure? 10 Tips to Avoid Camera Hacking
Apple has determined that a very small number of iPhone 6s devices may unexpectedly shut down. This is not a safety issue and only affects devices within a limited serial number range that were manufactured between September and October 2015.
If you have experienced this issue,Apple has provided this link where you can enter your iPhone 6s serial number to see if it is eligible for a battery replacement, free of charge. If you do qualify, please contact Connecting Point SERVICE. We are fully authorized to take care of this battery replacement issue for you.
Apple may restrict or limit repair to the original country of purchase.
If you believe your iPhone 6s was affected by this issue, and you paid to replace your battery, you can contact Apple about a refund.
This worldwide Apple program doesn’t extend the standard warranty coverage of the iPhone 6s.
The program covers affected iPhone 6s batteries for three years after the first retail sale of the unit.
Apple has determined that, in a small percentage of iPhone 6 Plus devices, the iSight camera has a component that may fail causing your photos to look blurry. The affected units fall into a limited serial number range, and were sold primarily between September 2014 and January 2015.
If your iPhone 6 Plus is producing blurry photos and falls into the eligible serial number range, Connecting Point SERVICE will replace your device’s iSight camera, free of charge.
The iSight camera is located on the back of your iPhone 6 Plus:
To determine if your iPhone 6 Plus is eligible for this free service, please enter its serial number at this link on Apple’s site. If your device does indeed qualify, please contact Connecting Point SERVICE immediately, and we’ll be happy to take care of everything for you.
This program is available for qualifying Apple iPhone 6 Plus devices for up to three years from date of purchase.