A massive ransomware attack has struck globally, infecting organisations and companies including the NHS, FedEx and Renault. Dubbed Wannacrypt, the virus is being delivered by email and also exploits vulnerabilities in unpatched computers, with computers running the older Windows XP being the most vulnerable.
What is Ransomware?
Ransomware is a form of malicious code or ‘malware’ that encrypts files on the infected computer and network and demands a fee to decrypt the files.
The malware holds your files hostage: the ransom increases as time goes by, and the files eventually become unrecoverable if payment is not made. Paying the ransom does not guarantee the release of your files.
Ransomware is usually delivered by emails containing links to the malicious code, or attachments in well-known file types such as Word documents or PDF files, which are usually considered friendly, safe file types. The files usually contain the code to infect the computer and spread to the wider network.
Example of the Wannacrypt ransomware demand screen
Also known as Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2, this form of ransomware is the particular strain to have hit the NHS.
Wannacrypt appears to demand $300 in bitcoin, a digital currency with which it is virtually impossible to trace where the money has gone.
The Wannacrypt virus is confirmed to be the virus that affected NHS computers and those of other organisations and businesses in 74 countries worldwide.
The result of an untargeted phishing email scam, the virus is likely to spread by users unwittingly opening an infected email attachment, which runs the malicious code. Security vulnerabilities, such as those in Windows XP, are also being blamed and are being confirmed as the cause of the attack on the NHS.
Windows XP Vulnerabilities
Microsoft ended its support of the Windows XP operating system in April 2014. This means security updates and patches for the operating system are no longer provided and customers were urged to upgrade to a newer operating system such as Windows 10, Microsoft’s latest operating system.
Despite this, many businesses globally are still running the unsupported and outdated Windows XP, which contains the vulnerability being exploited in this attack.
Preventing Cyber Attacks
Cyber attacks can be prevented by taking certain steps in your defence against cyber-crime. Up-to-date software must be a priority.
Cyber Essentials, a government-backed cyber-security scheme, and the National Cyber Security Centre’s Ten Steps to Cyber Security offer businesses access to do-it-yourself cyber security frameworks. These should be considered as part of your approach to corporate governance and risk management.
Other simple measures to protect against cyber attacks include:
Don’t run outdated hardware and software
Ensure all operating systems and applications are fully up-to-date and running the latest version. Replace outdated systems, e.g. Windows XP and Windows Server 2003 operating systems, at your earliest convenience.
Proactive patching and updates
Ensure patching and updates are applied regularly to fix known vulnerabilities. If you have not already done so, apply the critical MS17-010 security patch as a matter of urgency.
Windows XP and Windows Server 2003 users should apply the special patch Microsoft has released.
Grant users only access to the areas and files on your network they need access to in order to perform their jobs. Limiting access in this way can help to prevent the spread of any attack on your network.
It is increasingly important for users to be aware of the potential risks of using email; they should be vigilant and take extra care when opening emails and any attachments. As malware grows in sophistication, you can’t rely 100% on your spam blocker to catch everything. Users should look out for the sender’s email address, grammatical errors within the email and the name of the attachment. For example, if an attachment is named ‘invoice’, does the user usually receive invoices? If not, they should not open the attachment.
Managed Cyber Security – Infinity Business Systems
At Infinity Business Systems we provide a multi-level managed security solution for businesses of all sizes. Combining several methods including Email Filtering, Endpoint Anti-virus software, Web Protection / Content Filtering and Backup and Disaster Recovery, our approach will keep you ahead of the ever-evolving threat landscape.
Our industry-leading vendor solutions will detect, limit and block attempted ransomware attacks. As best practice, anti-virus and anti-spam software should be used to reinforce your defence.
Built into our multi-level cyber security approach, our backup and disaster recovery solutions provide the ultimate assurance, getting your systems working again as quickly as possible in the event of an attack. This must not replace vigilance: prevention is better than cure.
Want to know more about how we can help?
If you’d like more information about our approach to cyber-security services, or would like to arrange an audit or perhaps assistance with recovering from a ransomware attack, please contact us or call 0116 222 5322.