A week ago, on 12th May 2017, news of the NHS cyber-attack broke, causing complete chaos. Although it hit over 99 countries in total, it was the most high-profile case in the UK, causing operations and appointments to be cancelled.
Earlier in the week, we posted an update for our customers, reassuring them as to how we are looking after their systems and the precautions they should take.
But now the dust is starting to settle, let’s take a closer look at what happened on that fateful Friday, which caused the WannaCry malware to spread so widely and so rapidly.
What is Ransomware?
Ransomware is a viral attack, which is usually distributed via a phishing email (one that looks legitimate and attempts to get you to click on a link or open an attachment).
Once the malware has gained access, it encrypts any files stored on your PC or network, and literally holds them to ransom.
The attackers will demand payment (usually via bitcoins) to have the files and data released – the price of which often increases after 24 hours. Financial gain is one of the main reasons why these attacks are launched.
How was the WannaCry virus different?
Although it is still unclear how the ransomware initially infected the NHS, it seems that this particular virus was deployed by a worm – a program that spreads itself between computers.
Most other malware relies on humans to spread it by clicking on a link or attachment containing the attack code.
But once WannaCry was inside one organisation, rather than just infecting one computer, it then sought out other vulnerable machines and automatically infected them too. And it’s this pattern of behaviour that sets it apart from other types of ransomware.
Vulnerability of an old Operating System
A key factor in the case of the NHS was that they were using versions of Windows that hadn’t been updated, or patched, with the latest Windows Security Updates.
Specifically, they had some Windows XP PCs – an old operating system that we were all using back in 2002, which no longer receives security updates, leaving them vulnerable and easy to penetrate.
But more modern versions of Windows would also have been affected if they hadn’t had their Windows Security Updates applied.
What can you do to protect yourself?
Install regular updates – make sure all PCs and laptops are protected by the latest Windows Updates. You can have them set to ‘automatically install’ but you do need to check that you’re up-to-date. Alternatively, you can use programs that manage the process for you. This is the most reliable and therefore the safest way of ensuring that you aren’t exposed to unnecessary risk.
Use an appropriate Perimeter Security Device for your size of business (an advanced Firewall) – this will stop malware getting into your network.
Guest WiFi – have a separate guest WiFi for visitors, rather than allowing them to use (and potentially infect) your main network.
Antivirus – ensure that your antivirus is suitable for your business needs and properly managed.
Effective Back-ups – make sure you back-up every day with a reliable back-up process so that, if you’re affected, you can roll back to a previous un-ransomed version of your data. Remember, Backup Solutions are often different prices – but the cost difference is usually to do with how quickly you can restore your data. The cheaper solutions will be much slower to restore. More expensive solutions can get you back on your feet in minutes, not days.
CyberCrime Awareness Training – you also need to make sure your human firewall (your team!) is aware of the importance of being vigilant with the latest threats and knows what to look out for. A proper training session will demonstrate how current CyberCrime methods work and give you proper advice on how to avoid any expensive attacks.
Unfortunately, CyberCrime attacks are very common and we are regularly dealing with customers who’ve been tricked by ever-more convincing scams.
The NHS example shows how quickly CyberCrime can steal the headlines – but the cynics amongst us may wonder whether the interest of the Press was fuelled by the current General Election – after all, a news story that implies that the NHS is under-funded and using 15-year-old computers makes for some heavy-weight political debate.
But the fact remains that these types of attacks are common, and are happening to local businesses every week, without making the ten o’clock news.