WHAT DO YOU NEED TO KNOW ABOUT RANSOMWARE…
“WannaCry”, the latest iteration of pervasive ransomware epidemic, became centre stage this weekend when it crippled 22 NHS trusts, and infected 200,000 trusts in 150 countries.
Ransomware targeted 50% of organisations last year and predications for this year are that enterprise targeted Ransomware attacks will be become mainstream, largely due to how unprepared organisations are for any such attack. You may be forgiven (if you read mainstream news stories this weekend) for thinking you are safe if you don’t have Windows XP, the operating system that is still in use the NHS. Nothing could be further from the truth. Ransomware hackers can exploit any operating system that is not up to date, and in the case of “WannaCry”, operating systems that do not always have all critical patches installed.
Just as pertinent, it is important to remember that RansomWare programmers, like all malware programmers and hackers make judicious use of Social Engineering. By not recognising infected emails and website, users inadvertently download infected files onto their machine. This is one of the most popular ways for instigating an attack, which can result in your business being disabled for a significant chunk of time, and worst case scenario, permanent loss of data.
What can you do to protect yourself?
- Firstly, make sure your machines are always up to date with the latest updates. If there are critical patches related to malware that are not in your updates, Cyber Wise is likely to have these available to subscribers on the Cyber Wise website. Click here to go the free tools page to download the patch for your operating system. It has been reported in the news that the patch for “WannaCry” became available two weeks ago but few users actually downloaded it.
- Always make sure your data is securely backed up. If you don’t have a regular backup or aren’t sure, make this a priority. It is by no means certain that if you are a victim, that your data will be restored. In my experience over the last year, every client we have helped with an infection of RansomWare has had to restore their data from a recent backup.
- Install good quality end-point protection. Free anti-virus doesn’t cut it!
- Educate your users – 51% of the worst security breaches last year were caused by human error. Regularly educating your users with courses and simulations can reduce this figure significantly.
- Speak to your provider about best of breed technologies to protect your business
Unfortunately, “WannaCry” is not gone yet and its phenomenal success in infecting so many machines now means that ransomware developers are now quick to release their versions/imitations, so we can expect a second wave of attacks and this will spread beyond the NHS to businesses everywhere. Europol chief Rob Wainwright told the BBC last night the act was ‘unprecedented in its scale’ and warned more people could find themselves affected this morning. ‘The numbers are still going up,’ he said. ‘The slowdown of the infection rate on Friday night, after a temporary fix, has now been overcome by a second variation…
We have linked Microsoft’s patches for the “WannaCry” ransomware. These patches should be handed to your IT manager to ensure the right version is installed to your computers.If you have any doubts about your security, or need help with your protection, you can contact us here at Cyber Wise; all our tools and knowledge are designed to help make sure that this and other malicious attacks don’t happen to you.