As you may be aware a massive ransomware attack spread across the globe over the weekend locking up thousands of hospital, telecommunications, and utilities systems. Whilst the ransomware was first detected wreaking havoc across the NHS network, the infection quickly spread worldwide with researchers observing 75,000 infections across 100 countries.
What is Ransomware?
Ransomware – a malicious program that locks a computer’s files until a ransom is paid – is not new but the size of this attack by the WannaCry malware is unprecedented. According to specialists the attack used data stolen from the NSA to exploit vulnerabilities in old versions of Microsoft Windows and deliver the WanaCrypt0r ransomware.
So what has happened and how can you protect your organisation from such an attack.
Take care when opening emails and clicking on links
- This is the most important and often neglected aspect of protection. Although the WannaCry infection spread across vulnerable machines via a worm that took advantage of old unpatched machines the infection started from someone opening an infected file in an email. Organisations should have a strong policy for educating staff on what to look out for in emails, web-links and other unsolicited correspondence on their computers, phones and tablets. The number one method for initial infection is via this method and it is easy to stop through good user guidance and practice. IF YOU DON’T RECOGNISE THE SENDER OR THERE IS ANYTHING REMOTELY SUSPICIOUS THEN DO NOT OPEN THE EMAIL – report it to your IT team or delete instead.
Update Windows software and all antivirus
- Ensure that your Microsoft Windows Software is being patched regularly, Microsoft released a patch for this vulnerability in March but many business’s haven’t updated leaving computers open to this attack.
- Ensure that your ant-virus software is up to date and licensed and that any security devices are being used appropriately.
Ensure you back up regularly
- The importance of this cannot be over emphasised as the simplest resolution to an encryption attack is to delete the affected data and restore it from a backup. Backing up to a local device or another resource on the same network is NOT an effective solution as these devices could also be encrypted in the event of an infection. Backing up your data to an external source such as our remote backup service and conducting regular recovery exercises should enable you to recover quickly and not have to pay a ransom limiting the negative effects of such an attack.
Should you require any further information or advice on how to keep safe, do not hesitate to give one of our team a call for a chat. Make sure you are taking the right precautions to keep your business safe and running. Call us on 024 7699 5930 or 024 7669 4489 for any concerns you may have or if you would like a full security review.
Maxine Bridgeman & Jonathan Howells