First billed as Rasonware, we know now that the Petya malware is a cyberattack weapon. Instead of holding your files for ransom, this nasty bit of code destroys your data. Period. There is no way to decrypt the data and, as noted by the Wall Street Journal yesterday (Cyberattacks Forces West Virginia to Scrap Computers) Petya has taken a financial toll and significantly impacted the daily operations of Princeton Community Hospital in West Virginia. The entire hospital has junked the network and gone back to paper. I encourage you to read the article to fully appreciate the impact of this cyberattack.
For the home or small business user this impact could be equally impactful. Could you afford to lose all your family financial data, pictures, customer lists, invoices, production notes? Most likely the answer is it would devastate you. The question is, what steps can you take to insure you have a secure environment that these types of attacks do penetrate your computers.
If you have a Macintosh, Petya doesn’t impact you (as it uses a Windows vulnerability) but that does not mean that you are safe. These recommendations apply to all computer users and are best practices that will prevent you from falling victim.
Have a Back Up Strategy
You need to have a strategy to back up your critical data. Time-Machine and Restore points is not sufficient for a cyberattack like Petya will likely destroy that data too. You have a few cost-efficient options that are easy to implement:
- Cloud based back-up. Services like Drop-Box, One Drive, Google Drive, and others are effective at synchronizing your data across machines and does serve as an effective backup for some files. For large files (like multimedia) this may not be cost effective for you.
- External Drives. USB drives are fairly cheap with large capacity. Back up is easy and most come with software that you can use to do just that. But, don’t keep your backup drive plugged into your network. If you do, it will be open to attack. Backup your data and store your drive in a safe place when done. Repeat weekly or monthly.
- Backup Hosted Service. Data Integrity, Availability, and Confidentiality are critical to professional small businesses (such as lawyers offices, health providers, etc.). Consider an enterprise level hosted backup service that provides real-time offsite data storage. Data storage is these environments can be legally complex and a DIY could be problematic.
Keep your OS up to date
Modern operating systems are robust and include the ability to automatically download and install critical updates. Windows 10 does this by default but other operating systems you must manually turn this feature on. Unless you are an experienced professional I highly recommend that you have your OS download and install system updates automatically.
Protect your Environment
If you have pets and kids you probably have a fence in the yard or at the playgroud. Why? To keep them in and the bad guys out. Your computer is no different you have to install the fence to protect what is important.
- Anti-Virus program. These not only scan files on your computer but should also scan your email attachments and be able to real-time scan activity on your hard drive. AV programs update signature files daily and is a critical software install.
- Firewall. Modern OSs like MacOS and Windows have a built in firewall that will protect you against moderate intrusion activity into your network or computers. A third-party software solution to add additional capability can really lock out intrusions. Not a must, but I highly recommend that you install one.
- Anti-Spyware. This is usually found with the AV software to protect your web browsing activities from malicious web sites.
Just Say No
Attacks from Petya and WannaCry use a technique call phishing to get in your computer environment and do damage. An email attachment is sent to an account and if someone on your network opens the attachment you become effected. Do your kids know not to open emails in their SPAM folder? Spyware can help identify it but you and your family/coworkers have to be proactive to avoid it. If in doubt, don’t click it, use your AV software to scan it and make sure it is safe:
- Are there typos in the name of the sender of the email?
- Does it as you to “click here to login?”
- Is it legitimate to your business or unsolicited?
These are the basics. There are more advanced methods and technologies that can be used. But just like the Army, if you fight using the basics then you’ve won 90% of the battle. I’m sure there will be more attacks and malware sent out into the wild in the future. They’ll exploit the weakest links so practice and stay cyber-safe, ya’ll!