You will no doubt have seen the news over the last few days about the large-scale cyber-attack which hit the NHS and many other organisations across the world. The scale of the attack and its subsequent impact are unprecedented, and this will no doubt lead to you having questions and concerns around the security of your own IT systems. As your IT support partner, we wanted to try and provide you with the information you need to keep your business fully protected. Most importantly, if you have any questions or concerns, please contact a member of your Complete I.T. team.
The NHS and other organisations across the world were hit by a variant of Ransomware, which infects PCs and servers, locking (or encrypting) the data stored on them. Once this data is locked, the only way to unlock it is to pay a ransom fee to the criminals or to restore from a backup. The Ransomware in this particular case was a form of Cryptolocker called ‘Wanna Cry’.
How did it get in?
There is not much information on the actual source of the infection, but we see a lot of Ransomware attacks and we know it can come in via:
- An infected email attachment or link. Double-clicking the attachment will infect the machine you are on with Ransomware, and clicking a link can have the same effect, so user education is vital to reduce the likelihood of this happening.
- Poorly patched systems. Ransomware can be deployed by a hacker via a poorly configured and maintained firewall or server, so keeping patches up to date is important.
- A Brute Force attack. This is where a hacker keeps attempting (guessing) a username and password to gain access to IT systems, so a strong password policy is vital to stop these types of attacks.
- Visiting websites which have been infected with a Ransomware payload. The payload is then downloaded to your machine, so a web-filtering service is important to reduce this as a source of infection.
Once Ransomware is on your machine it can spread to other machines and servers that it can see. We believe the NHS was hit by an email which a user inadvertently opened; this then spread to other machines on the network due to poor patching.
How do I protect against Ransomware?
There are really two ways to keep yourself safe, secure and protected from Ransomware:
- The first is Good Security Hygiene
- The second is educating your users to be vigilant and know what to look out for
Good Security Hygiene
Complete I.T. recommend that the following security measures are in place to help protect against Ransomware:
- Ensure your Antivirus software is up to date on all of your machines.
- Ensure that your machine has all of the latest Windows Updates installed. The one that protects against this particular Ransomware can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Ensure that you have a ‘complex’ password in place (i.e. 8 characters with a mix of upper and lowercase letters and numbers)
- Ensure you have an account lock out policy in place (i.e. if you put the wrong password in 5 times or more, the account will be locked out)
- Ensure you have a good quality firewall in place and that it is running the latest version of its software
- Where possible, remove administration rights from users; this will stop them running executable files such as Cryptolocker
- Use a web site filtering product to protect against visiting and downloading viruses from the internet
We are in the process of pro-actively double-checking the first two points above for you. If you would like to discuss this or any of the other points above, then please speak with a member of your Complete I.T. team.
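As an added example (not part of the original advisory or a Complete I.T. tool), the password length and account lockout points above can be checked on a Windows machine by reading the output of the built-in `net accounts` command. The script assumes English-language output; the sample text is constructed and abridged, and the function names are our own.

```python
import re
import sys

MIN_PASSWORD_LENGTH = 8      # "8 characters" from the checklist
MAX_LOCKOUT_THRESHOLD = 5    # locked out after 5 wrong passwords

# Constructed, abridged sample: `net accounts` output from an unhardened PC.
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

def parse_net_accounts(text):
    """Turn 'Name:    value' lines into a dict; other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        match = re.match(r"^(.+?):\s+(\S.*?)\s*$", line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def as_count(value):
    """'Never' and 'None' mean the limit is switched off, so count as 0."""
    return int(value) if value.isdigit() else 0

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    settings = parse_net_accounts(text)
    findings = []
    length = as_count(settings.get("Minimum password length", "0"))
    if length < MIN_PASSWORD_LENGTH:
        findings.append(f"Minimum password length is {length}, want {MIN_PASSWORD_LENGTH}+")
    threshold = as_count(settings.get("Lockout threshold", "Never"))
    if threshold == 0:
        findings.append("Account lockout is disabled")
    elif threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append(f"Lockout threshold is {threshold}, want {MAX_LOCKOUT_THRESHOLD} or fewer")
    return findings

if __name__ == "__main__":
    # Pipe real output in (net accounts | python audit.py) or use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit(text) or ["Both checks pass"]:
        print(finding)
```

Password complexity (the mix of upper case, lower case and numbers) is not shown by `net accounts`, so that setting has to be confirmed separately in the local or domain security policy.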
The other part of protecting against Ransomware is to educate your users
- You need to educate your users not to open emails and attachments that don’t look genuine
- You need to educate your users on being vigilant and keeping an eye out for suspicious activity
In the unfortunate event that you are hit by Ransomware, the likelihood is that you will need to recover your IT systems from backup. Ensuring that you have an effective Business Continuity or backup solution in place that works and is easily and quickly restorable is critical. Whilst this has always been important, the rise of Ransomware means that this is more important than ever.
We hope that this guidance and the update on the pro-active steps we are taking provide you with some assurance, along with practical advice to protect against Ransomware.
If you do have any questions or concerns on any of the above then please contact a member of the Complete I.T. team.