There is no hiding from it, the UK and potentially world had a huge wake-up call to the future of crime and potentially warfare with the Wannacrypt ransomware wreaking havoc across the NHS and commercial enterprise. What do we know about this latest threat?
Research shows that the attack hit more than 100 countries and whilst we are still counting early indicators at the start of the spread showed over 57,000 infections with Avast alone, and Kaspersky identified 45,000. Major organisations were hit, The NHS, Fedex, Telefonica and the Russian interior ministry. Interestingly reports suggested that although originating in the USA, the US was relatively unscathed.
How did it work?
The attack exploited a vulnerability in Microsoft Windows that had previously been identified by the National Security Agency (NSA) in the US. This has now been closed and Microsoft has issued detection and protection tools, even for Windows XP which had previously been end of support.
Once infected the ransomware demand victims to pay $300-$600 to unlock and unencrypt each machine. At present, nobody knows who the hackers/criminals are but the conspiracy wheels keep turning with the timing of the attack being just a day after US president Donald Trump authorised an upgrade of US Cybersecurity. However, we have no opinion and will wait to see what unfolds.
How it affected our customers
One of the crucial elements for any cyber-attack is the ability to exploit system vulnerabilities and these are often left open when companies and individuals fail to update and apply necessary system updates and patches. We have all been guilty of throwing our hands up, when the proverbial message pops up on the screen asking us to install updates and many people like a snooze button click the snooze/install later button. This leaves us exposed and with viruses and malware spreading in real-time provides a window of opportunity for those that wish to cause harm.
Our team ensures that all customers systems and computers are automatically with all the latest updates (this needs to be across an entire company) and provide some heavy protection in terms of Antivirus, Malware and Ransomware protection. The result was that, not a single client was infected with this outbreak. We did however still spend time at the weekend checking systems to ensure that Monday morning was as pleasurable as the last.
Tips to Prevent Infection
To help you or family member defend against attacks such as Wannacrypt there are several things you can do.
Backup your data
Ransomware encrypts your data and destroys it if a ransom is not paid. Ensure you are regularly backing up your data, this will mean everything is not lost and can be restored. Customers with our backup services will already have this in place.
Be vigilant and look for .exe files in email
Filtering and not clicking on any email with a .exe file attached is recommended. These file types once clicked, can compromise your security and are often used as a delivery mechanism for many cyber-attacks.
Run CryptoLocker Protection
We ensure that all our Office Guard support and Server Guard support customers have automatic Cryptolocker Protection which although not foolproof (nothing is) delivers an additional layer of security and is far more stringent and secure than standard Antivirus solutions.
Run good Antivirus and Malware software
Ensure all your devices are running Antivirus and Malware software this will block and detect the vast majority of attacks/infections.
Patch and update software
This is critical, Malicious attacks exploit weakness found in software which is why frequent updates are supplied by software companies. These must be up-to-date otherwise your systems are vulnerable to attack. For example, if you run a windows XP device turn this off. XP is no longer supported by Microsoft and has no updates making it very insecure.
Set system restore points
Most Operating systems allow you to set a restore point which is a snapshot of the system at a particular date and time. This can help restore computers in the event of failure or infection.
Browse and Download From Only Trusted Sites
Only visit and download from sites you know are reputable and can be trusted. Again, many malicious downloads can contain an executable (.exe) file that can compromise your system.
Do not open/click anything from an unknown source and watch for Phishing
Be vigilant about emails, the sender, and any attachments. Only click those you know and report any emails that you feel may be suspicious. Phishing emails can be clever and will often ask you to perform an action that opens a gateway to your computer and systems.
Disconnect from the network and report any infection immediately
If you feel your computer may have been compromised in any way, disconnect this from Wi-Fi and your network to prevent any spread of malicious code or programs.
We have not seen the end of the Wannacrypt attack and with this having a measure of success will only fuel the malicious intent of others, resulting in yet more large scale and even more intelligent attacks in the future.