This ransomware attack was on an unprecedented scale, and unbelievably started from just one email to a single unsuspecting user, somewhere in Europe. That victim unwittingly opened an email, clicked on its attachment, and let Wannacry into their system.
Using a file-sharing process previously stolen from the US National Security Agency, the virus latched onto the file-sharing settings of the host computer, and copied files into dropboxes and shared drives of other computers. This process repeated again and again, until thousands of organisations all around the world were affected. In the few hours before it was discovered, it made its way around 150 countries.
The virus exploited a security weakness in some versions of Microsoft Windows, namely Windows Server 2003, Windows XP and Windows 8. These versions of the platform do not receive free security updates from Microsoft, leaving them vulnerable to attack.
The consequences of Wannacry were, at best, commercially crippling for businesses that had their payment systems cut off; at worst, NHS patients failed to receive lifesaving medical care.
Worryingly, many of the organisations affected by this virus were big players, so it came as a shock that names such as the ones listed below succumbed to the attack.
Workers arrived at their desks on Friday morning to a message warning that their files had been encrypted. The computers were rendered useless in the short term, but the files would be decrypted if they made a bitcoin payment of $300 to a named URL. The deadline for payment was three days, and if the money was not transferred, the files would start to be destroyed.
After a few hours, a knight in shining armour appeared: a 22-year-old British security researcher and online blogger writing under the pseudonym MalwareTech. He noticed that the domain to which the threats pointed was unregistered, so he took control of it and stopped the malware in its tracks.
MalwareTech is an international hero thanks to his quick thinking, but there is no doubt that this remedial action is only a temporary fix. Experts are already viewing this attack as a ‘warm up’ with another more sophisticated attack expected in the not too distant future.
We know that malware is constantly evolving to try and stay one step ahead of anti-virus software, but you can minimise your risk with some fairly simple steps. Here are just a few ideas on how you can mitigate your risk:
1. If you use one of the affected platforms, you can download a security patch here. If you use a supported version of Windows and receive security updates, ensure they are installed and up to date.
2. Make sure your virus protection is updated regularly.
3. Follow the golden rules… NEVER open any attachment that you are not expecting, is from an unknown source or has a strange sounding or misspelt name.
4. Implement a mandatory password change process where users are required to use a unique password every 30 days.
5. Back up your sensitive files to an old computer which is NOT connected to the internet.
6. Train your staff to arm your business against attack.
The Daily Telegraph www.telegraph.co.uk
Financial Times www.ft.com