WannaCry, everything you need to know to stay safe
WannaCry hit the world with a BitCoin payment request to restore files for multiple people, using a security breach in the Windows computer file and folder sharing protocol.
In the midst of the crisis in Brazil, which arrives overwhelmingly, and the digital crisis that has occurred all over the world, shares on the world stock exchanges fluctuate as never before.
Information security has been put in check, but we have companies that despite having a good information security planning, with security policies and controls in place, they were evidently still affected, even if at least psychologically.
The psychology that acts on the human being, based on emotion, makes us say clearly that we are exposed. This fear that has caused companies to shut down all computers for 15 minutes, or for the rest of the day, has clearly stated: there are no security investments here.
The reaction we have is clear and evident, that there is no security, or that at least the stakeholders, managers and senior managers of large companies, are few or minimally concerned, leaving the responsibility of security to a small team and only remembering if in fact security, only when the threat is assessed and causes losses of thousands of dollars and falling shares on stock exchanges around the world.
Leakage of digital information has been inevitable, and ensuring a secure system has been increasingly difficult, as current security controls, no matter how secure they are, still cannot prevent the human being from feeling in fact completely protected. .
As much as it is really safe, no one feels safe seeing that thousands of computers are being hacked, and hence the question: "Am I not going to be hit? Impossible!", And then the conscience weighs higher and soon the best a to do is to cut the power grid and stop everything, after all, it has not been invested enough in safety before.
A new WannaCry, with a new version is spotted on the internet, and probably soon, we will have a new outbreak, so that we will weigh our knowledge, advance and raise security controls, to acceptable margins of work.
In 1999, when the Internet was still crawling, the most known types of viruses were not like that, at that time, viruses were programmed to overclock RAM processors and modules, increasing voltage or clock, aiming to burn and / or damage the maximum possible equipment. Mass destruction was the focus.
Nowadays, the focus is different, it is to make the virus run in a totally transparent way to the user, letting him use the computer or cell phone as he wishes, but take advantage of the hardware and internet resources at idle times for larger execution tasks, such as mining bitcoin, encryption or data breaches, among others. It is no longer common for viruses that are visible to users, and those that do this are certainly amateurs.
The fashion of encrypting files and asking for a value to decrypt is not new, it seems that we went back to 1999 where the virus was destructive, wiping out people's computers, but, at that time, everyone was still used to photo albums, cameras of films, and everything had to be printed on paper, bills, contracts, etc. It was not common to have digital items.
Currently, our life is not only on your computer, but wherever you are, on your phone, on the internet, on your Google Drive, One Drive, Dropbox, Box, 4Shared, etc. Your data is out there and in many cases, public for anyone to view, in exchange for the security of "if your computer is affected, your files are safe here".
The reality is that nobody trusts their own equipment, so they prefer to outsource the feeling of security to other people and other companies, and depending on the risk, establish contracts and if the risk is measured, they determine fines for payment.
New, more destructive viruses may arise, but many of the apparent viruses are just the tip of the Iceberg, as there are countless ones that are invisible, performing DDoS on internet sites, or performing specific purposes, attacks, thefts, or any other type of service appropriating thousands of zombie computers around the world, as well as smartphones (which by far stay online longer than computers, don't they?)
In the long term, at least, it is possible to determine that these types of viruses will no longer be on computers, but on mobile devices, cell phones, and in the cloud, stealing passwords from essential services, receiving activation messages from cell phones and accessing the user account and encrypting user data. Have you ever thought of a WannaCry running on your Google Drive now?
There are good backups, especially if they are not accessible on the internet, on media saved by security, backup or snapshot plans, or derivatives, like migrating everything to the cloud once and for all, and trusting security and policies of a company strong and safe enough to bring you the necessary sense of security.
Just like stocks on the stock exchange, we should never keep our equity in just a single asset, so it would be obvious that your data should be distributed across multiple services at the same time, as it would be very difficult for a massive attack to attack multiple companies at the same time. , the ideal scenario would then be to use various cloud services from several companies, to store your most confidential and main data, this even ordinary people, because keeping photos on Google Drive, One Drive, if you lose a service password, at least will have everything in the other.
Come to WannaCry, we are ready. It will not hit us, as we are doing our homework, investing in security and knowledge, and we will not be affected, and this is not psychology, this is fundamentals based on really safe controls: securely distribute your files, and protect your patrimony.
See you.
No comments