RansomWare (Don’t Lose all Your Stuff)


“See, I am sending you out like sheep into the midst of wolves; so be wise as serpents and innocent as doves.” 

                                                                       -Matthew 10:17

If you watched the news at all this past weekend, you may have heard about a damaging international cyber attack that disabled computers around the world. The ransomware attack locked users out of computer systems, encrypted files and, in some cases, deleted all user data. Users looked in horror at screens that demanded money in exchange for control of their computer.

While the scale and speed of this attack were unique, similar attacks happen every day. On our personal machines, attacks like these could mean the loss of important files, photos, videos and emails. On our church or non-profit computers and networks, the impact could be even worse. With this type of threat lurking on the internet, how can we keep our computers safe? Below are a few things to keep in mind to lower your chances of being compromised. I am writing these suggestions with churches and non-profits in mind. However, most of the same suggestions should be effective in keeping your personal computer safe.

1. Get someone who knows what they are doing to help you take care of your computers and network.

Whether you have one computer or a network of fifty, it is time to get some professional help. You likely have a lot of essential information on your computer(s). Many churches now have their member databases, financial information, and giving records stored on these machines. You need someone to make sure you are making backups, running antivirus and malware scans and that your operating system is up to date. If you can’t find a well-equipped volunteer, it is worth paying someone to do some work for you. At the conference office, we rely on a managed services company to keep an eye on our computers. They keep our anti-virus software up-to-date, install all the proper updates on our computers and servers, and keep everything backed up in case something goes wrong.

Note: For the do-it-yourselfers, I am not going into all the specific things you need to do to your computers. You likely already know or know where to find the information. 

Please be sure that you are downloading the latest operating system security patches. Windows PCs without the security patch released in March were infected in the WannaCry/WannaCrypt ransomware attack. If you are running a legal subscription of Microsoft 7, 8 or 10, these patches install automatically if you are allowing automatic updates.

2. When opening emails, think before you click.

Though these attacks are technologically advanced, they are introduced into computers in a very old-fashioned way. Most of the time, they rely on simple deception, requiring an unsuspecting user to click on something. In this latest attack, it was a link in an email. Other times, it is a link on a website or a popup alert. Don’t fall for it.
The most prevalent type of attack lately is a combination of ransomware with a soft-targeted phishing attack. Software patches and backups can help here, but the best defense is vigilance. Before you open an attachment, stop and think. If you get an email with an attachment from someone you don’t know, it should raise a red flag. Read the email carefully. If someone is sending you an unsolicited file with no information, you should not download it.

You also need to be careful with emails from people you do know. Just because an email looks like it is from a trusted sender, it may not be. In just a couple of minutes, I can set up an email to look like it is from anyone I want it to be. (I can do it with a phone number too.) And I am no elite hacker.

If you have asked someone to send you a specific document and they do, chances are, you are okay. But if someone sends you an unknown file that you weren’t expecting, think it through. It might be worth your time to give them a call. Never download a file with an .exe extension unless you are totally sure it is legitimate. These are executable program files and can easily contain malware. Also, .zip, .rar, and .7z files can be especially dangerous as they are archived files. You won’t know what is in them until you open them. Unless someone has notified you that they are sending a compressed .zip file, don’t open it.

Your security software will try to help you avoid downloading dangerous files. However, you might be tempted to override the warnings. Don’t.
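For the person looking after your computers, here is a small script that applies the attachment advice above to a saved email message. It is an added example, not part of the original article: it flags the file types named above (.exe, .zip, .rar, .7z) and a reply address on a different domain than the sender. The sample message, the `DECOY` list and the reason labels are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

EXECUTABLE = {".exe"}                 # named in the article
ARCHIVE = {".zip", ".rar", ".7z"}     # named in the article
# Assumption (not from the article): document-looking extensions that are
# commonly placed in front of .exe to disguise a program as a document.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage_message(raw_bytes):
    """Return (item, reason) findings for one raw e-mail message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # The From line is easy to forge, so this is a hint, not proof:
    # replies routed to another domain deserve a phone call to the sender.
    reply = domain(msg.get("Reply-To"))
    if reply and reply != domain(msg.get("From")):
        findings.append(("Reply-To", "reply-domain-mismatch"))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes:
            continue
        if suffixes[-1] in EXECUTABLE:
            disguised = len(suffixes) > 1 and suffixes[-2] in DECOY
            findings.append((name, "disguised-executable" if disguised else "executable"))
        elif suffixes[-1] in ARCHIVE:
            findings.append((name, "archive"))
    return findings

def build_sample():
    """Constructed sample message (not a real e-mail)."""
    msg = EmailMessage()
    msg["From"] = "Pastor Smith <pastor@church.example>"
    msg["Reply-To"] = "billing@mailer.example"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for fname in ("invoice.pdf.exe", "photos.zip", "notes.txt"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for item, reason in triage_message(build_sample()):
        print(f"{item}: {reason}")
```

A message that produces no findings is not proven safe. The script only catches the specific warning signs listed above.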

3. Be careful when downloading software or other files from the internet.

A lot of malware comes from websites that offer free downloads. That doesn’t mean every download is malicious. However, be especially careful around sites that offer, for free, things you normally have to pay for.

4. Watch for pop-ups.

Once in a while, you might get a pop-up telling you that your computer is already infected with something. Most of the time it is not. However, when you click on the link in the pop-up, you might download the malicious code. Don’t click. Take a breath, and call the computer expert you connected with in step one.

Sometimes the pop-up from your browser will claim to be a message from Microsoft, saying that your computer is infected and that you need to dial a phone number immediately. Microsoft will never ask you to call them. Be careful where you click, and try to close all the browser windows and all the pop-ups that follow.

Everyone is vulnerable to this type of crime. Hackers don’t have a soft spot for Christians. Remember, Jesus warned us that things would be tough in the world. He challenged us to “be wise as serpents and innocent as doves.” So, think before you click.

Thanks to Rio Texas Communications Specialist, Austin Newton, for his input on this piece.

 
