Wannacry and Encryption Viruses

After the virus attack in May 2017 that made headline news, there was naturally a wave of worried Windows users. Unfortunately, this type of attack is nothing new; it has been hitting Windows-based computers and laptops for the last few years.

What does it do?

After you click a rogue link and open a fake attachment, a script runs which encrypts all the data on your machine. Encryption is designed to stop anyone accessing your data except the people who own the encryption key. You are then left with a message and instructions on how to get your data back, which usually involves sending hundreds of pounds to criminals. Years ago, when this first occurred, a system was in place where you could get your data back. Believe it or not, a helpdesk was in place that would assist you in paying and recovering your data! Now, however, off-the-shelf virus packages are cheaply available which can be modified by programmers and used in the same way.

The problem is that there is no longer any system in place to get your data back. Paying is bad enough, but paying and still not getting your data back is a double blow.

It would be naïve to suggest that you can take steps to completely eliminate this threat. As with all viruses, whatever payload they carry, the people writing them are as skilled as, if not more skilled than, the people there to stop them. If you have a leak in a pipe, you get it fixed after it leaks; you are not aware there is a problem until it happens. Generally, this is the same for computers. A “way in” or weakness is found and exploited – the weakness is fixed or “patched” after the event. Always one step behind.

Once your data is encrypted it’s basically gone forever, so never be overconfident that you will avoid it.
The most important thing a home or business user can do is make sure that they have a backup of their data in place. Make sure you back it up regularly – if you only do it once a month, you’ve lost a month’s data. Only once a week? That’s a week gone. Find out how much you can afford to lose and then base your backup schedule on that.
A USB drive used to back up your data that is permanently connected to the computer will also be affected by the encryption.

Back up your data to a USB drive and then move it (unplug it) away from the PC. Businesses should also try to get a copy moved offsite to protect against other issues such as fire and theft.
A cloud drive will also be affected by the encryption, but check that your provider gives you previous versions that can be restored.
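
To put a number on "how much you can afford to lose", the following added example (not part of the original article) lists the files that have no up-to-date copy on the backup drive and how many days of work they represent. It assumes the backup is a plain folder copy that mirrors the source folder; the function names and folder layout are illustrative.

```python
import os
import time

def unprotected_files(source, backup):
    """Return {relative path: modified time} for files with no current copy in backup."""
    if not os.path.isdir(backup):
        # An unplugged backup drive would otherwise make every file look unprotected.
        raise FileNotFoundError("backup folder not found - is the drive connected?")
    exposed = {}
    for folder, _dirs, files in os.walk(source):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, source)
            copy = os.path.join(backup, rel)
            changed = os.path.getmtime(src)
            # 2-second slack: FAT-formatted USB drives store times to 2 s precision.
            if not os.path.exists(copy) or os.path.getmtime(copy) + 2 < changed:
                exposed[rel] = changed
    return exposed

def backup_report(source, backup, max_loss_days, now=None):
    """Compare the oldest unprotected change with the loss you said you can afford."""
    now = time.time() if now is None else now
    exposed = unprotected_files(source, backup)
    oldest = min(exposed.values(), default=now)
    days = (now - oldest) / 86400
    return {
        "exposed": sorted(exposed),
        "days_of_work_at_risk": round(days, 1),
        "overdue": days > max_loss_days,
    }

if __name__ == "__main__":
    # Illustrative paths (assumptions): adjust to your own folders.
    report = backup_report(os.path.expanduser("~/Documents"), "E:/Backup/Documents", 7)
    print(report["days_of_work_at_risk"], "days at risk; overdue:", report["overdue"])
    for path in report["exposed"]:
        print("  not backed up:", path)
```

Run it with the backup drive plugged in, then unplug the drive again once the backup is complete.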

A business saving its data to a server, or to another PC used as a server, has another chance of recovering data through the “previous versions” feature: in the past, the spreading virus has only affected data paths and has not destroyed the shadow copies on another PC.

Make sure you are not using an out-of-date, unsupported version of Windows. Windows XP has not been supported for updates since 2014, although to be fair Microsoft released a patch for these systems in May 2017. Don’t expect them to keep doing it, though. Even Windows 7 is now in extended support for updates, which runs out around 2020.

Make sure you keep up to date with Windows updates. Don’t just assume – check manually. Windows updates are generally found in the Control Panel, or simply type “windows update” in the Windows search box (Start menu or Cortana). Updates, although a pain, patch holes in the system. An up-to-date PC is less likely to get hit than an unpatched one.
Make sure you have an antivirus program in place. Do some research – does the built-in Windows Defender (built into 8 and 10 but downloadable for 7) give you enough protection? Does your existing one provide enough protection? Sadly, most of the time you have to find out the hard way.

In my experience of fixing virus issues over the last 13 years for PCHeadache, 99% of people have virus software installed on a PC with viruses. For most people a virus program seems to be a comfort blanket: if you have it, you’ll be fine regardless. This is not true.

Email Scams

Email seems to be the most likely method of infection, so make sure you are aware of how rogue emails are designed to trick you. A fake email may say you are owed money or owe an outstanding amount. There are many types of these scams: fake Apple ID resets, Amazon, PayPal, DHL deliveries, etc.

They are fairly easy to spot, as 90% of the time you haven’t asked for this or are not expecting it. The danger comes when you are expecting something from someone and then you get an email.

Always check the email address it has come from. The name may say Apple, etc., but if you actually check the address behind the name it will look suspect.
Fraudsters are getting better at this and can go so far as having just one letter misspelled in the domain name, so it’s important to look carefully.
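
The check described above can be automated. This added example (not part of the original article) reads the From line of an email, looks at the address behind the display name, and flags a domain that is one letter away from a genuine one. The allow-list of domains and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for illustration: brand -> domains its real mail uses.
TRUSTED = {
    "apple": ["apple.com"],
    "amazon": ["amazon.com", "amazon.co.uk"],
    "paypal": ["paypal.com"],
    "dhl": ["dhl.com"],
}
PAIRS = [(brand, good) for brand, goods in TRUSTED.items() for good in goods]

def edit_distance(a, b):
    """Number of single-letter inserts, deletes or swaps needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tail(domain, good):
    """Last labels of domain, as many as `good` has, so subdomains compare fairly."""
    return ".".join(domain.split(".")[-(good.count(".") + 1):])

def check_sender(from_header):
    """Classify a From header by the address behind the display name."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "suspect: no sender address"
    for brand, good in PAIRS:
        if domain == good or domain.endswith("." + good):
            return f"ok: genuine {brand} domain"
    for brand, good in PAIRS:
        if edit_distance(tail(domain, good), good) == 1:
            return f"suspect: {domain} is one letter away from {good}"
    for brand in TRUSTED:
        if brand in name.lower():
            return f"suspect: name says {brand} but address is at {domain}"
    return "unknown sender: not on the list"

if __name__ == "__main__":
    # Constructed sample From lines.
    for line in ('"Apple Support" <no-reply@id.apple.com>',
                 "PayPal <service@paypa1.com>",
                 "Amazon <billing@secure-payments.example>"):
        print(line, "->", check_sender(line))
```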

Ultimately, I must repeat: no matter how secure you are, or think you are, you can never be 100% safe. This is why it is so important to back up regularly and to move the backup away from the PC afterwards.

How to keep a clean PC
In summary:
Update your old system to a newer, up-to-date version such as Windows 10
Update it manually to make sure it is 100% working and up to date
Install good virus software
Install CryptoPrevent
Run CCleaner
Minimise your unwanted start-up processes from MSConfig or the Startup area of Task Manager
Back up your data regularly
Be careful with emails