Petya is the latest ransomware hitting millions of computers around the world. Most infected computers are in the Ukraine, where "patient zero" is believed to be. From there it branched out to Russia, Poland, Italy and Germany. It takes advantage of the same flaws in Windows 10 that WannaCry did. Fortunately, it hasn't really hit the U.S. yet, but we'll see more infections as time goes on. Our CIA intelligence service discovered it and didn't say anything because it could use it to spy on others.
Mary has an old XP computer and she's worried about getting the WannaCry virus. Can she get a patch to protect herself? Leo says that Microsoft has ended life for Windows XP, but did make a patch for it and she can go into Updates and get it. But according to Leo, 98% of infected computers with WannaCry are Windows 7 computers. So XP isn't even on the radar. It doesn't hurt to be safe, though.
WannaCry is ransomware that can lock up your data unless you pay the hacker who created it. WannaKiwi, however, finds the crypto key in your PC's RAM to undo the damage. It only seems to work about a third of the time, however. That's why Leo says to make sure you don't get it by altering your behavior, and by making sure you have current backups of your data should it happen. One thing you should never do is pay up, because you don't know if you'll get your data back, or if there's something even worse getting installed.
Last weekend, the WannaCry ransomware bit several hundred thousand computer systems, including sixteen hospitals in the UK. The ransomware infected the systems and encrypted all data. The reason this one was really bad is that it was a "worm," or a "network aware virus" that would spread out over the local area network to find other computers to infect, and bring the whole establishment to its knees.
Grover has a popup that says to call Microsoft Support. Has he been bit by ransomware? Leo says no, probably not. It's a phishing attack meant to get him to call in so that they can charge him and access his computer. It's scareware, really. He can ignore it, but it keeps popping up and he has to reboot his system to get rid of it. He even replaced the hard drive, but it didn't help.
The latest ransomware attack is called WannaCry and it's spreading via phishing email attacks. The ransomware not only encrypts your data — it also has a built-in kill switch on websites. Security researchers may have crafted a fix to it, but there's a catch. The encryption is done using Microsoft's BitLocker, and the fix is to take advantage of a flaw in the cryptographic memory that keeps the keys in RAM so it can harvest them and unlock your data.
Scott got bit by ransomware on all his work computers. Since the data is backed up, the course of action is to wipe the drives, reinstall the OS, and restore from the backup. Always keep yourself backed up and updated to prevent things like this from happening.
Here's what you can do to protect yourself:
1. Keep all software and OS updated on your machine.
2. Run as a limited user. NEVER an Admin.
3. Do not click on links from strangers. Do not accept unexpected attachments.
Richard got bit by ransomware. He got an email from FedEx saying they couldn't deliver a package and then when he clicked a link, 10 minutes later he got a message saying all his files had been encrypted. They wanted Bitcoin or his data would be lost.
Ransomware has always been a terrible plague of the internet, where bad guys inject software into your computer through phishing emails. They usually trick you by saying it's from your bank, the IRS, or even your boss asking you to open something. When you do that, it's an application that runs and scrambles all of your data and asks you to give them money to get the data back.
Victoria has an '09 iMac that runs El Capitan, but she got bit by ransomware. Leo says that's odd because the only ransomware is called "Transmission" and it's been eradicated after only being out in the wild for a day through BitTorrent. She gets a pop-up that says "your computer is infected," though. Leo says that doesn't mean she has ransomware. It's actually a phishing scam trying to get her to install malware. And she can't get infected by it anyway. What it does mean is that the website is infected and she should avoid it.