On the heels of one of the largest cyberattacks in history comes warnings about new versions of a ransomware expected to be released.
The virus has hit thousands of computers in 150 countries since it started spreading on Friday.
Ransomware is a type of virus that locks up digital files and demands a ransom to be paid in order to release them. This is something that can lead to the loss of sensitive information, disrupt daily operations, financial loses or could even ruin reputations.
It disrupted hospitals, schools, businesses and other aspects of daily life in Europe and Asia. So far North America hasn’t been hit, but people here aren’t taking their chances.
IT specialists from St. Luke’s and Boise State University, two types of entities the FBI lists as likely ransomware targets, said education is one of the biggest ways they try to prevent being affected by one of these attacks.
According to USA Today, Friday’s ransomware attacked impacted more than 20 percent of hospitals in the United Kingdom.
Shawna Hofer, the head of cybersecurity for St. Luke’s, said a reason hospitals are a likely target for malware is because of the valuable information hospitals have. She said a patient record is worth more to hackers than a credit card number. To keep that data safe, Hofer said cybersecurity is a shared responsibility at St. Luke’s.
“It is critical,” she said. “At the end of the day we can implement all the automated controls that we can, but really it just takes one person to click something or send an email to the wrong place and essentially we could have a patient impact."
Typically in a ransomware attack, victims will see and email that looks legitimate, open an attachment or click on link, and that actually turns out to be malicious.
Max Davis-Johnson, the associate vice president for IT at Boise State University said those emails are becoming more sophisticated.
"They make them look like they're coming from me, they make them look like they’re coming from the president, any number of people from the university," he said.
But there are red flags to look for like grammar and misspellings, a sense of urgency or a threat, and if they’re asking for login credentials.