Prevent Ransomware: Update Java NOW

Ransom Note: Pay Up or the Computer Gets It

Whether you have a Mac or are running Windows or Linux on your PC, you should update java immediately. Read on to find out why…

Sure. We’ve all had spyware. Ads, popups. Annoying.

But what about having control of your computer taken from you by malicious hackers… and then being forced to pay a ransom to get it back?

Kinda makes a pop-up ad seem like a welcome annoyance by comparison, doesn’t it?

Ransom Note: Pay Up or the Computer Gets It
Prevent Ransomware: Images courtesy of redjar and MC4 Army via Flickr

This type of modern cybercrime attack is known as ransomware. And although it isn’t really new, it hasn’t been seen in the wild nearly as its annoying cousins. As it has evolved, ransomware has grown in its complexity, not to mention in the compelling nature of the demands being made by its creators. Some of the more sophisticated versions involve threats to report you to the police for your illegal downloads (you can use your imagination here) if you don’t pay, and even official-looking “fines” that appear to be messages from law enforcement.

Why This Is Urgent

Recently, a vulnerability in Java was identified. Java runs on virtually every PC (Windows, Mac and Linux) and a substantial number of mobile and other devices as well. There are many applications that rely on Java in order to function, and it’s hard to picture a world without it. Mashable estimated the number of computers affected at 850 million.

Java is owned by Oracle, which updates the software platform from time to time in order to provide feature enhancements and to fix security vulnerabilities. The most recent vulnerability to be discovered actually allows hackers to take control of your computer and download ransomware to it, not to mention the other exploits they develop.

Chances are really good that your computer is running some version of Java 7. Any version of Java 7 other than the just-released “Update 11” contains this vulnerability and should be patched right away. Without patching it, you run the risk of a “drive-by” download of ransomware (or some other bad-behaving software). Often this happens without your knowledge.

This vulnerability was discovered and publicized on January 10th by a blogger named Kafeine. Until it was patched, the only option available to prevent exploits was to uninstall Java from your computer and/or disable it in your web browser.

Thankfully, Oracle announced today that the vulnerability has been patched with the release of Java 7 Update 11. All users are advised to download and install this version right away. Most users only need the version labeled “JRE” as the “JDK” version is primarily only necessary for software developers.

The following tweet went out from Oracle’s official “Java” account at 4:43PM Eastern:

Once again, my recommendation is that you download and install Java 7 Update 11 (the JRE version) right now.

P.S. If you are reading this because you have a computer that is locked up with ransomware, don’t pay the ransom. Use one of the many available tools to remove it. Here’s a good place to start for free.