The DOOMSDAY clock is ticking: Ransomware Attack
14th May 2017
WannaCry Ransomware is just the beginning…
Security analysts are expecting more advanced ransomware attacks within days. Immediate action is recommended, but for some businesses, it may already be too late!
On Friday 12th May 2017, businesses around the world were hit by the biggest Ransomware attack in history, encrypting data as it spread, showing that businesses are dicing with death!
Organisations such as the NHS, FedEx, Renault and Telefonica are just some of the businesses affected – those are the ones large enough to make the news. Plenty of smaller companies reported issues.
It’s estimated that more than 200,000 computers were affected by the WannaCry ransomware, with over 1.3 million vulnerable computers still in use.
Act now. If you wait until tomorrow it could be too late!
WannaCry spreads itself to vulnerable computer systems. Once a system is infected, its data is encrypted – a process that happens at breakneck speed. The only chance of getting your data back is to ‘chance it’ and pay the ransom (you may or may not get your data back – you are dealing with criminals), or perform a data restoration.
Would your business survive if you couldn’t access your data? Unlikely!
These are the steps you must take now, before it’s too late:
- Take an offsite backup of your data (e.g. back up to a USB drive) – start with the most critical and valuable data first. If you’re using a USB drive, unplug it once your backup has finished; otherwise, in the event of an outbreak, the drive could become encrypted as well.
- Apply all available Windows security updates to every computer and server in your business – if you’re running an unsupported version of Windows (e.g. Windows XP or Server 2003), apply Microsoft’s emergency security patch for WannaCry: http://bit.ly/2pIvmNp. Then make plans to upgrade to a newer version of Windows (incidentally, Windows 10 is immune to the current threat).
- Make everyone aware of the threat. We’ve made a couple of posters available for download, showing what to watch out for! Make sure every employee knows what to look out for.
Long Term Protection Strategy.
Performing a quick backup, and getting your computer equipment patched today is a good starting point. However, much more work needs to be done to protect your business.
You need a long-term protection strategy.
Review what protection you have in place. Antivirus is no longer enough on its own – you’ll need a layered approach to reduce the chances of infection and becoming a victim of ransomware, malware and viruses. Also, be aware of zero-day vulnerabilities – attackers can exploit vulnerabilities for which there are no patches yet.
Email – Employ an email filtering solution to remove malicious attachments and reduce inbound spam & phishing emails before they get to your employees’ inboxes.
Internet Protection – Use a firewall from a reputable supplier – many “home” type routers have firmware flaws that can allow hackers into your network.
Consider deploying URL and website category filtering to protect employees from nefarious websites.
Workstations – Deploy Antivirus, Antimalware, Ransomware protection & Exploit protection.
Make sure your built-in firewall is turned on and configured correctly. Regularly deploy Windows patches (monthly), & if you’re running Windows XP or Vista, make plans to migrate away immediately – security updates are no longer supplied, putting your business at ever-increasing risk. (Remember, Windows 10 is immune to the current threat.)
Servers – Deploy Antivirus, Antimalware & Exploit protection.
Make sure your servers’ built-in firewall is turned on and configured correctly. Regularly deploy Windows patches (monthly), & if you’re running Windows XP or Vista, make plans to migrate away immediately – security updates are no longer supplied, putting your business at ever-increasing risk. Regularly audit file share & folder permissions to limit the chances of mass infection.
Backup – Employ a backup strategy that includes offsite copies, multiple versions and copies of your data. Perform regular restore verification tests to prove the backups are ok.
Reporting – Use reporting tools to verify and confirm backups, update deployment, software patch levels, and audit system events. If an outbreak occurs, make sure you’re alerted as soon as the issue occurs.
Applications – Keep applications updated. Java and Flash are renowned for their security vulnerabilities. Update them regularly or remove them. Consider blocking macros in Microsoft Office applications. Make sure staff do not have “administrative rights” – with them, any application can run regardless of its safety or legitimacy.
Staff Awareness – Make sure your employees know what to look out for, keep them up-to-date with news of the latest threats such as WannaCry. Train staff to log support tickets & submit email samples when issues occur.
Once you’ve completed your security review, start by taking action in the areas you have identified as having the least protection.
Ransomware threats typically enter your business via malicious email, then download their payload via the internet. Any infection will spread fast, so your response must be equally fast. Document your response and store it with your Disaster Recovery & Business Continuity plan.
It’s more important than ever to be vigilant when opening emails – if it looks suspicious, or if you’re unsure, delete it, or send it to your friendly IT Support company for review (we can then take the appropriate action).
Always remember, no ICT system is ever 100% secure, so always be cautious. Regularly review and improve your business’s security and backup solutions.
If you are concerned about WannaCry Ransomware or any other ICT issue, contact our helpdesk – open Monday to Friday 9am – 5pm for ad-hoc support.
PC Comms also offer a free review of your IT systems. Call us today to book yours.
See our PDF below for recent email threats.