This post is actually a link to the US-CERT. A CERT is a Computer Emergency Readiness Team. Companies and governments set up CERTs to be able to deal with computer attacks and incidents. Part of their role is to identify and report vulnerabilities.

There is an old-school open feel to CERTs. It makes sense. If you run a CERT and you identify a vulnerability, you need everyone to know, not just the machines you immediately manage.

Ransomware is a big deal lately. Bad guys seem to have moved away from spam for cash and on to ransomware for cash. This is particularly nasty because they take money and attack schools, grandmas, and hospitals. These attacks have the potential to kill people. Imagine a poorly networked hospital losing all its machines to a ransomware attack: how do we know how many CCs of this drug Mr. Johnson needs?

https://www.us-cert.gov/ncas/alerts/TA16-091A

My Advice

Protect yourself so you don’t have to pay. Even if you pay, you may still lose everything. Check this out: http://www.theregister.co.uk/2016/07/12/file_deleting_ransomware_scam/