The WannaCry ransomware attack of May 2017

If you read the news then you’ll no doubt be aware of the malicious ransomware attack that hit the NHS last month. The ‘WannaCry’ ransomware hit Britain’s health service hard and impacted businesses such as Telefónica across Spain, Russia, Taiwan and the Ukraine. But what is WannaCry, and how did it hold NHS data to ransom? Should your business be concerned about ransomware in 2017?

What is ransomware?

In a nutshell, ransomware is a piece of malware that infiltrates your network and blocks access to a particular set of files, demanding money in order to release them. When a computer on the network is infected, the ransomware will usually contact a central server and get the information it needs to start encrypting files. Once encrypted, the ransomware will then post a message requesting payment to retrieve access to the files. Some may even come with a timer or threaten to destroy the files in order to increase the pressure on victims. It’s a particularly malicious piece of software and no business is safe from it – if you’re online, you’re potentially vulnerable.

54% of all UK businesses experienced a ransomware incident in 2016, making the threat level high for businesses of all shapes and sizes.

WannaCry, or ‘wcry’ as it’s sometimes known, is a particular brand of malware that locks all the data on a computer system and leaves the user with a detailed set of instructions. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to.

How does ransomware like WannaCry spread?

Ransomware is typically hidden in Word documents, PDFs and other files that are normally sent via email. It can also get through ‘back doors’ which are effectively weaknesses in your security left by other viruses that have paved the way. The WannaCry malware that impacted the NHS spread across their network through vulnerabilities in the Windows XP operating system which allowed it to jump from computer to computer. This vulnerability was known by Microsoft who released a patch to fix it, despite not publicly supporting the XP OS anymore. The NHS had not downloaded or installed the patch, leaving their systems vulnerable and ready to be exploited.

Should you be concerned about ransomware?

If you’re a small to medium sized business you’d be forgiven for thinking that ransomware is a distant threat. However, it’s important to note that the businesses affected in the WannaCry cyber attack were not specifically targeted. Ransomware is opportunistic and will attack businesses that are vulnerable indiscriminately. According to research by Malwarebytes, 54% of all businesses in the UK experienced some kind of ransomware incident last year.  As technology evolves businesses are becoming more efficient and capable than ever before, but they’re also leaving themselves vulnerable in new ways.

Jeff Wiblin, a key member of the team at Equity, says that “Ransomware is still a significant local security concern, however we need to look to a wider network security solution as business move more services to the cloud.” That means that businesses need to step up their game in order to stay strong and vigilant against such attacks. He also advises that ransomware is here to stay, but also feels optimistic that the security landscape will evolve and adapt in order to keep businesses safe.

Defending your business against ransomware

Now that we’ve established what ransomware is and how it spreads, what steps can you take to avoid a ransomware attack? Of course, big companies come with big resources to help combat such threats, but even smaller businesses which are just as vulnerable can tip the advantage in their favour. Here are some things you should consider.

Keeping your systems and software up to date

Whether it was lack of resource or lack of organisation, this is one of the key things the NHS failed to do. Without your own IT department this can be a surprisingly easy thing to overlook, but it’s your first line of defence when it comes to keeping your business safe. We recommend automatically updating your systems with security updates as often as possible. The vulnerability exposed by WannaCry was marked as ‘critical’ on many versions of Windows including 7, 8 and 10, but Microsoft can’t help you unless you allow them to patch their software and update your security. Anti-Virus software can also go a great deal in helping but only if the program and its database are allowed to be frequently updated. Where possible, you should also have the latest version of whatever platform you’re using. Newer software will always mean more robust security.

“We always recommend that our clients upgrade to Windows 10. It’s the most safe and secure operating system that Microsoft have released to date. We roll out the OS to every machine then monitor it closely and ensure it’s always up-to-date.” – Jeff Wiblin, Equity Networks.

For example, Equity make a point of ensuring that all clients’ software is up to date and running the very latest version. In this way, their clients get the benefit of having the latest updates without needing the resource of a large IT department. Whether you choose to do this yourself or outsource it, it’s just one of the many ways smaller businesses can increase their risk posture and safeguard their data.

Securely back up your data

Data is the bottom line in all of this. Everything ransomware attackers do comes down to data and its value to your business. If you store customer information or other sensitive data then it’s absolutely paramount you keep it as secure as possible, but ransomware attackers won’t think twice about threatening to release it in order to give your business a headache. Having backups may not prevent this from happening, but it’ll certainly help your business weather any attack. In the case of WannaCry, files and programs were rendered unusable by organisations like the NHS which slowed their service to a halt. This is where having separately stored backups can really help.

Always be vigilant and train staff to spot the signs

We’re always advising customers on best practice when it comes to staying secure online. With all the tools and anti-malware programs in the world, the first line of defence is your team. IBM’s 2015 Cyber Security Intelligence report found that 95% of breaches started with human error, such as responding to a rogue email or disclosing confidential information. The same report found that 60% of malware attacks were ‘inside jobs’, with staff accidentally or purposefully aiding an outside source by giving them passwords or access to systems.

Staff training is important. 95% of malware breaches like phishing or ransomware start with human error.

It’s therefore crucial, regardless of the size of your business, that you train your staff to spot signs of phishing and ransomware scams. At Equity we offer this kind of training as part of our security services in order to help our clients and their teams stay one step ahead of the risks.

Key takeaways

Guarding against ransomware attacks is all about vigilance and good in-house practices. Your team should be obsessive when it comes to verifying the identity of online associates, and should question any request for what could be considered sensitive information. You also need to make sure your software is up to date, including any and all security patches that could rule out any vulnerability on your network. Remember, the WannaCry incident could have been avoided by the NHS if their OS was fully patched and up to date. Don’t let the same thing happen to your business.

If you have any questions regarding ransomware or would like a free, no obligation IT health check from an Equity engineer, contact Equity today.