Attention Windows Users!
It’s been all over the news: the global ransomware attack that hit over 10,000 organizations and 200,000 individuals in 150 countries, including the UK National Health System. This particular virus attacks through a Windows vulnerability. Out of concern for my clients and anyone else who uses Windows and reads my blog, I wanted to pass on information I received from Wordfence, a security plugin I use on all my clients’ sites as well as my own, on how to protect ourselves. The following is a direct quote from the article, which you can read in full here.
WannaCry Ransomware: How to protect yourself
- If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find instructions on this page in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalog.
- If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog. We do recommend that you update to a supported version of Windows as soon as possible.
- Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
- If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.
- Back up regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
- For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware.
As soon as I finish with this blog I am going to take these steps. Also, as a quick security refresher: never open email attachments from anyone you don’t know. Even if you do know the sender, if they send you a link or attachment that you weren’t expecting, contact them first, before you open it, to make sure they did, in fact, intend to send something to you. Ransomware is also often sent through email attachments, and phishing viruses are often found in unknown links. Recently I received links to “docusign” documents from two separate trusted clients. They came from the correct email address and with the first I