I'm posting this article by Robert McMillan of the Wall Street Journal verbatim.
The past few days have alerted the wider world to the dangers of ransomware, and it has been an ugly awakening for victims including doctors at the U.K.’s National Health Service, employees at Russia’s Interior Ministry, and staffers at some FedEx Corp. offices.
Ransomware, which has been on the rise for the past few years, encrypts files on a computer so that they can’t be read and the device becomes essentially useless. It gets its name because the culprits post messages on victims’ computers demanding payment, generally in the digital currency bitcoin, to undo the encryption (a promise they don’t always fulfill).
Photo: Ritchie B. Tongo/European Pressphoto Agency
The good news is that there are effective measures to protect against the software in Friday’s attack, generally called WannaCry, and other Ransomware. Here is what security pros recommend:
Take a Hard Look at Your Computer’s Operating System
Still running Windows XP because it is good enough to get your web browsing and emailing jobs done? Then the recent WannaCry headlines are warning sirens. The first thing to do is download the emergency Windows XP patch Microsoft Corp. made available here. That will protect you from the attack that WannaCry uses to spread.
But it is important to know that Microsoft is no longer providing regular software updates to Windows XP, which means there likely are many other unpatched flaws on your system that could cause problems later. The only way to address that is to upgrade your operating system (which could require buying new computers). If you are running Windows 10, you are protected from WannaCry.
If you see those Windows Update messages on your PC, don’t put things off: Update your computer. Microsoft issued the software that protects against the WannaCry worm on March 14, which means some of those who have been infected merely needed to follow instructions and they would have been shielded.
While WannaCry spreads via a Windows bug, other forms of malicious software can spread through flaws in other software on your computer, such as Adobe Inc.’s Flash and Oracle Corp.’s Java. So the next time you see a prompt for a software update from those programs or others on your system, take the time to install it. It helps.
Back Up Your Computer
If you have a backup copies of your files, the ransomware threat rings hollow. And think beyond ransomware. Over time, your computer’s file system faces a growing chance of becoming corrupted and unreadable. If it happens, you will be grateful you backed up those business records, videos of baby’s first steps, and photos of your Hawaiian vacation. As my colleague, Geoffrey Fowler, has noted, there are some really great automatic backup options available these days that run about $50 to $60 a year.
Float Over to the Cloud
Those willing to take a bigger leap can move their files to cloud services like Google Drive, Amazon Drive, Microsoft OneDrive, or Apple iCloud. That shifts a lot of the burden of protecting against malicious software to big companies with greater expertise and resources. You can do this with existing PCs, or by buying special computers using Google’s Chrome operating system or Microsoft’s forthcoming Windows 10 S, which are designed with extra behind-the-scenes security precautions, and make it easier to seamlessly store files in the cloud.
Even with cloud-based files, you still have to be careful not to open any dubious attachments on your own computer.
By now, all of the antivirus vendors have updated their products to detect WannaCry, along with countless other ransomware variants. Antivirus software provides no guarantee that you will avoid the very latest attacks, but it is a sensible step that security experts recommend. The good news is that there are decent antivirus programs available free, including Microsoft’s own Windows Defender.