WannaCry Ransomware Attack – What Should you Learn?
We have mentioned the risks of ransomware numerous times in the past, highlighting how users and organisations should guard against the threats and adopt best-practices to mitigate the risks.
The WannaCry attacks, however, demonstrate a new and extremely dangerous threat as they combine the debilitating impact of ransomware with the self-propagating nature of computer worms.
What is a ransomware virus?
A ransomware virus is a malware instance (or rather a multitude of variants) that either encrypts the contents of a machine’s hard drive. Alternatively it may copy files, encrypt the copies then delete the originals. Users must then pay the malware creators to decrypt their files.
Users are faced with a stark choice: ignore the warning and hope that their back-up procedure is effective, or pay the ransomware demand and hope that the criminals will decrypt their data. There are no certainties that they will.
The WannaCry malware is a particularly dangerous piece of ransomware that took advantage of security gaps in old Windows operating systems. It became well known after it infected major organisations including the NHS in the UK.
Keep your software up-to-date
A huge number of Windows XP and Windows 7 machines were affected by the WannaCry attack.
In an unexpected move, Microsoft took it upon themselves to issue patches for even unsupported software, so it is imperative that these updates are installed and system administrators look to upgrade to more secure software.
You can download English language security updates for: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86 and Windows 8 x64 from Microsoft.
If your organisation is running PCs on Windows 8 or older (like over half of all Windows PCs), you should really look at upgrading to Windows 10. Akita can provide the required Microsoft licenses at cost, and can assist you with the upgrade if required. If this is of interest, please get in touch.
Educate your staff
The majority of ransomware attacks – and indeed most other forms of cyber crime – can be prevented by an informed and vigilant user base. Many instances of WannaCry occurred because company staff clicked on links supposedly from trusted sources.
Akita has written blogs on phishing scams and email scams in the past which may provide initial guidance to staff. Companies can also look to undertake the Government’s Cyber Essentials training which Akita can assist with as required.
Improve your antivirus
The cyber threat level is rising and most pedestrian anti-virus solutions will not provide protection from viruses such as WannaCry.
Akita now offers Sophos Intercept X, an antivirus solutions with specific ransomware protection capabilities. This solution detects if any program is copying or encrypting files at speed and stops the action.
Given the risk of ransomware to businesses, we highly recommend using an anti-virus solution that includes anti-ransomware.
Invest in a security review
Strong security measures are imperative, not just on servers and hard drives but on all parts of your network. With Ransomware attacks now using worms to spread, this remains crucial to protect your business. Having a full assessment of you IT infrastructure and procedures can highlight unconsidered risks.
Are your staff able to connect USB devices to your machines that might contain viruses? Which devices have access to sensitive data? And which staff connect to work IT systems (such as email) with their mobile phone? If you can’t answer these questions you should consider a security audit.
For more information on ransomware protection and general IT security improvements, please get in touch.