It’s unlikely you’ve missed the news coverage of the recent ransomware infection that’s taken place within the NHS and other organisations this weekend. With the scale and high-profile nature of this attack, we wanted to share some general information and advice for you and your users. If you have any further questions then please call a member of the Mirus IT team.
What is Ransomware?
Ransomware is a type of malicious software that carries out cryptoviral extortion. This software blocks access to your data until a ransom is paid. Usually a message is displayed requesting payment to unlock the data. This weekend’s particular form of ransomware is called ‘WannaCry’.
How did the infection occur?
At the moment, little is known about the actual primary source of the infection that occurred on Friday, but it’s likely that it will have entered via one of the following means:
- Legacy Systems and Applications – Many old operating systems, both desktop and server, are no longer supported by Microsoft and other vendors and as such receive no patches or security updates. A newer, supported software version that is set up to receive updates would get these, and they give very basic protection against flaws in software products. The infection may have taken advantage of these known vulnerabilities and used them to spread throughout the NHS network.
- Poor Patching and Updates – Even if newer software systems were in use, they may not have been patched and kept up to date in the correct manner.
- Phishing/Spoof Emails – Many of the attacks we see are delivered via emails carrying links or attachments which can fool the user into taking actions (downloading a file or clicking a link) that may allow the infection to occur.
- Web Browsing – The act of browsing to sites that carry malware and other types of malicious software packages and then allowing these to be downloaded to your machine.
- Targeted Attack - This is an attack aimed at a specific organisation or network, attempting to gain access through what’s called a ‘brute force attack’, trying to expose security weaknesses.
User Education – It's vital!
One of the most common ways for any type of virus, malware or ransomware to enter a network or individual machine is via user action. This may take the form of clicking a link in an email or browsing to websites that carry malicious software packages.
The best education for users we can pass on is as follows:
- Be aware of what you are opening and browsing to, and look for anything suspicious that doesn’t look right or genuine. Fake LinkedIn connection emails are a common example, and the level of detail and quality of the copy can mean users are easily fooled. Hover your mouse over a link before you click it and the web address you are going to will show up; check that it looks genuine.
- Take action! If you see something you are concerned about then report it and get it checked before proceeding.
- Should the worst happen and you get infected, turn the machine off as quickly as possible and get it inspected by an IT professional.
Best Practice IT Security!
It’s not possible to guarantee you won’t ever be infected, but what you can do is follow some best practice advice to help decrease the likelihood of infection.
- Patching - Always ensure your machines are up to date with the latest patches and security fixes from Microsoft (and other vendors).
- Anti-Virus - Ensure you have anti-virus installed on every machine on your network and that it is receiving the latest updates.
- Password Policies – Ensure you have and use complex passwords containing a mixture of letters, numbers and special characters. Ensure passwords are changed regularly. Most importantly, don’t use the same password everywhere.
- Firewalls - Ensure you review all your technology for updates – it’s not only operating systems that go ‘end of life’, your firewall or security appliance may also have stopped receiving updates.
- Administrator Rights – Ensure that these are removed for end users. This limits their ability to install and run new software applications that may be used as a transporter for malicious software.
- Email Filtering – Ensure you don’t allow dangerous emails to reach the user. If an email is blocked by the filters and never reaches the user, they can’t click on the links!
- Backup, Backup, Backup and Backup! As a method of last resort, you need to ensure your data is secured and backed up. Avoid storing data on your local machine and holding single copies that could easily be lost.
If you have further questions or would like further information on Ransomware and this weekend’s events then please feel free to contact one of the Mirus team.