A new ransomware named Petya hit high-profile targets in multiple countries, including the United States, on Tuesday. While Petya has not infiltrated as many machines as ransomware WannaCry did in May, it is more dangerous and has the power to create more damage. Here’s how to protect yourself and your small business from attacks like Petya.
Like WannaCry, Petya is targeting a vulnerability in older Windows systems called EternalBlue. One of the best things you can do to protect yourself from these attacks is to download the patches Microsoft provides during updates. Microsoft released a patch to protect against the vulnerability on its Windows XP system in March. Earlier this month, it issued more patches for older Windows operating systems, citing the “elevated risk for destructive cyber attacks.”
If you enable Microsoft to automatically update your computer, you should have the patch. For older versions of Windows that Microsoft doesn’t generally support, you can go to the Microsoft website and download the patches you need to protect your computers based on the version of Windows you have.
You should always back up your computer just in case a ransomware attacks your computer so you have copies of your files in another location, like an external hard drive or in the cloud.
Don Foster, senior director of solutions marketing at business data firm Commvault, advises backing up data more than once a month. In the event of an attack, you can have the most updated files to use without having to pay the ransom.
You should download protection programs that not only fight attacks, but also notify you when there is a threat to your computer. These programs include firewalls, anti-virus programs and other protective software. They can alert you if a malware is trying to encrypt your files and what they are doing to stop it. These are a good idea, says Bill Kelly of specialty insurer Argo Group, because even though the ransomware can get to some of your files, these programs should protect the rest of your files.
Some of these attacks occur because of phishing emails. These emails are designed to make you think they are legitimate, but install malware on your computer once you open them. Kelly suggests training yourself to identify what these emails look like.
Often, there is a typo in the name of the company or person supposedly sending you the email. It can be as little as one letter changed from their actual name.
Foster also suggests not visiting websites that have illegal or suspicious activity on them. You can unleash malware and open yourself to vulnerability without realizing it just by clicking a link on these sites.
When using public Wi-Fi, you are viewable to everyone else using that network. You want to make sure you change your security settings on your computer when on a public network. Usually, computers will ask you automatically if you want to be viewable on the network, but check your security settings just to be sure you are not set to public.
Foster suggests using a VPN, or a virtural private network, that hides your computer from those using a public network. The use of a VPN won’t fight malware, but it can help you not be a target.