In the wake of the recent global Cyberattack affecting the NHS and other companies such as Nissan, FedEx and Deutsche Bahn, many experts are wondering how 200,000 people succumbed to such a widespread attack. The ransomware known as WannaCry affected over 60 NHS hospitals, GP surgeries and pharmacies across England and Scotland by exploiting a vulnerability in unpatched Windows XP machines; taking down the backbone of many NHS systems and essential services. Once in the system, WannaCry was able to spread from machine to machine like wildfire and impacted thousands of patients across the country.
The economic impact of an attack on this scale is still unknown and only time will tell. It is a bit cliché to say but “Prevention is always better than the cure” and it is advisable that essential measures are taken to protect your business against future attacks.
Written by: Callum Coard
What is Ransomware?
Ransomware is a type of virus/malicious software which sole purpose is to deny access to your computer systems until a large sum of money is paid. Typically, Ransomware restricts access by encrypting your entire file system and in some cases, these files are not decrypted even when the ransom is paid!
The most common method in which Ransomware infects networks is through your inbox and hidden in Word documents, PDFs or URL links. Phishing attacks tend to be the most successful route in but other ways such as unpatched operating systems, USB sticks or even infected mobile phones joining the network would do the trick.
Why you should be concerned
No business is ever 100% safe from a Ransomware and it’s more common than you might think. In many cases the attacks are targeted, with some sources claiming professional services are the most affected industry closely followed by healthcare. Typically at least two days’ of downtime is in store for any businesses who becomes infected; halting productivity and damaging their reputation.
The mind-set of “I’ve not been affected yet therefore I’m safe” is a one to take with caution. The IT community recognise the severity of Ransomware in recent years and conscious that the numbers of attacks are only going to rise. When attacks are foiled by security vendors the criminals re-evaluate the weaknesses in the code and the behaviour of their bots and discover new and innovative ways of getting into your business.
Tips for Combat
Ensure you’re backed up – Once encapsulated after a Ransomware attack is an extremely difficult to decrypt your environment without the key. A solid backup and a strong disaster recovery plan is vital to get your business back up and running after an attack. Not having one in place is a risky move and highly unlikely that your IT estate will be recovered.
Be careful what you open – Opening unsolicited attachments in emails from unknown people isn’t a wise move. Many cybercriminals use this method to deploy their ransomware and once they’re in it’s very hard to kick them out. Remember, 97% of phishing emails contain Ransomware.
Keep it patched – Patch your servers and desktops with the latest Windows updates to reduce the chance of vulnerabilities penetrating your network. The exploitation of security bugs in popular applications is a trick used by hackers to get into your system and preventing this is essential for mitigating against an attack.
Keep Vigilant – Ransomware is prevalent and surprisingly can slip through the cracks of conventional anti-virus and web-filtering products. We advise that appropriate measures are taken to ensure your AV is updating, that the ports on your firewall are tied down and to consider investing in products such as Intercept X which stops a Ransomware in its tracks.
Are you worried about Ransomware and whether your business is protected?
Contact CIS this month for a free vulnerability assessment – 01367 700 555.