This blog posting is in response to the cyber-attack that hit the news headlines on Friday, 12th May 2017 when a number of NHS trusts were forced to shut down their IT.
The attack involved a piece of software called WannaCrypt, classified as Ransomware, spreading its self around vulnerable machines and then encrypting all the files it can get access to.
The encryption renders the files unusable. They can’t be opened, read or edited. The ransomware then pops up a screen demanding a ransom – reported at either $300 or $600 - to decrypt the files and return access to their owner.
Over the weekend we’ve had conversations with businesses who are worried about their systems. Are they at risk? What can be done to keep them protected?
This outbreak has infected 48 NHS Trusts in England as well as 13 NHS bodies in Scotland. It has spread to 150 countries and caused problems and downtime for many companies from banks to telecommunication providers to delivery service companies.
The attack is indiscriminate. It’s not aimed at any one body and could infect machines in any small business and at home too.
How did it happen?
It’s likely that the first infections were caused by users opening an attachment on an email or downloading something they shouldn’t. WannaCrypt then exploited a vulnerability in Windows file sharing that was patched back in March by Microsoft. This allows the ransomware to spread around computer network quickly.
The vulnerability was utilised in a hacking tool used by the NSA to spy on its targets. It was stolen and then leaked online back in April.
Machines that run the current, supported versions of Windows that have been patched with the Microsoft patch will be safe.
Operating systems that are no longer supported by Microsoft were at risk, however, over the weekend, Microsoft has released a patch for Windows XP and Windows Server 2003. In the case of the NHS there are a number of machines running Windows XP – let this be a warning – upgrade out-of-date software.
What is a security patch?
All software vendors update their software from time to time. In Microsoft Windows, this is done via a service called Windows Update. In nearly all cases, Windows Update should be set to update your system when an update is available automatically. Users have the option to turn this off so beware.
How can I make sure my machines are protected?
- User training and awareness
A lot of problems start with an action from the user. If you receive and email from someone with a link or attachment that you’re not expecting – for example, and Invoice from a company you have never dealt with – DO NOT OPEN THE ATTACHMENT.
If a box pops up on the screen asking if you want to do something – or if you want to allow access to something. If you don’t understand it click No or Cancel. Never say yes or ok to something you don’t fully understand.
Remember you can always ask you IT Department or support company.
- Windows Update
Make sure that Windows Update is set to automatically update your machine unless there is a reason why this is unadvisable (check with IT!).
If your systems have not been updated via Windows update in a while – run a manual update immediately.
Make sure that your systems and files are backed up at least once a day and that a backup is always stored off-site. If you’re not using our online backup service, make sure that you have more than one USB backup drive. Never leave your only backup onto a USB drive attached to your machine – a virus could attack the backup data on the drive.
Make sure that all your systems are protected by Anti Virus software that will protect you against virus’, malware & ransomware. Be sure to ensure that your definitions are kept up-to-date.
- Old versions of Windows
Microsoft has a lifecycle for each one of its products. When the product reaches the end of the lifecycle, support & products updates are no longer provided by Microsoft. If you are using Windows XP or Windows Server 2003 – you should have upgraded years ago. These operating systems are years out of date and pose a massive security risk to your business and should be replaced with modern, supported software. Microsoft has however, as a one off, released a patch for the vulnerability used in these latest attacks. Make sure you patch your system now and the work out a plan to upgrade.
What if my machine is infected and displaying a ransom notice?
Hopefully, you have a full backup of your systems and files. If this is the case, restoring from a backup is likely to be your best option. But be careful – do not attach a backup device or USB disk to an infected machine! You may end up losing access to your backup!
If you need help with patching your systems, reviewing your IT security or recovering from a ransomware attack, please give us a call on 01865 594 000 or fill in the form below.