For the second time in two months governments and organizations are scrambling to contain a massive ransomware attack involving Russia, Ukraine, Spain, France, India and the UK. Bentley professor and cyber security expert Steve Weisman shares thoughts below on why the attack was able to happen:

• The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they had become available recently. 
   
• In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone. 
   
• Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Weisman can also discuss tips for those looking to protect themselves against these attacks:

• This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the GoldenEye ransomware.  Never click on links or download attachments until you have confirmed that they are legitimate.
   
• You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.
   
• As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this, should also use Whitelisting software which prevents the installation of any unauthorized computer software programs.