The opening line from an article I read this morning summed up the situation well: “If you haven’t heard about the most recent Ransomware attack, you’re probably living off the grid.” The WannaCry (also known as WannaCrypt, WanaCryptor, WCry or Wanna Decryptor) program spread rapidly through networks in over 150 countries in a matter of hours, resulting in major disruptions to many systems, some of them critical, such as the UK National Health Service.
How does it work?
WannaCry is a type of malicious software (malware) called ransomware. It typically spreads by unsolicited emails that contain a link or attachment, which, when clicked on, executes or runs the malware on the recipient’s computer. Exploiting vulnerabilities in unpatched or unsupported versions of Microsoft Windows®, it will then spread to all other devices on the network, infecting each computer and any other accessible network-enabled device (yes, this includes internal and external backup drives connected to an infected machine). The ransomware then locks and encrypts files on all infected computers, preventing access to them and demanding payment be made via the digital currency, Bitcoin.
What should you do?
Prevention is always better than cure. Following these simple steps can greatly reduce the risk of falling prey to this and similar malware attacks:
- Make sure you are using supported operating systems (Windows® XP, 2003 and Vista are no longer officially supported, so if you are using Windows® machines you should already have updated all of your computers to newer versions by now);
- Make sure that your operating systems are up to date with all the critical security patches installed (a patch for this malware was released by Microsoft – make sure you have it installed);
- Training! 1 in 3 cyber-attack events occur from “oops” moments. WannaCry is no exception. All team members need to know and follow a consistent procedure on how to identify and delete suspicious emails – this must be company policy. Having the best anti-virus/malware programs is useless if someone opens an infected email attachment or link;
- Have good backups and test them regularly. Given the way this malware spreads to attached devices, the importance of having backup data physically removed and, where possible, off-site cannot be stressed enough. One suggestion is to use the 3-2-1 backup rule (3 backups, stored on 2 different media, with 1 offsite);
- Regularly review user access authority and permissions and restrict them to the minimum needed;
- Implement two-factor authentication wherever possible, particularly for all remote access and online services.
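The 3-2-1 rule and the warning about attached backup drives from the list above, as an added example that is not part of the original article: a small Python check over a backup inventory. The inventory records, the field names and the choice to count only detached copies as protected are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    medium: str      # e.g. "usb-disk", "tape", "nas"
    offsite: bool    # stored away from the premises
    attached: bool   # still connected to a machine or the network

def check_321(copies):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    # A drive that stays connected can be encrypted along with the machine,
    # so (assumption of this example) only detached copies count as protected.
    for c in copies:
        if c.attached:
            findings.append(f"{c.name}: still attached, reachable by ransomware")
    safe = [c for c in copies if not c.attached]
    if len(safe) < 3:
        findings.append(f"only {len(safe)} protected copies, need 3")
    media = {c.medium for c in safe}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s), need 2")
    if not any(c.offsite for c in safe):
        findings.append("no protected copy is stored off-site")
    return findings

# Constructed sample inventories (not real systems).
WEAK = [
    BackupCopy("nas-share", "nas", offsite=False, attached=True),
    BackupCopy("usb-drive-a", "usb-disk", offsite=False, attached=True),
    BackupCopy("usb-drive-b", "usb-disk", offsite=False, attached=False),
]
GOOD = [
    BackupCopy("usb-rotation", "usb-disk", offsite=False, attached=False),
    BackupCopy("weekly-tape", "tape", offsite=True, attached=False),
    BackupCopy("usb-at-home", "usb-disk", offsite=True, attached=False),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        result = check_321(inventory)
        print(label, "passes" if not result else "fails:")
        for finding in result:
            print("  -", finding)
```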
Finally, and possibly most importantly, make sure you have adequate cyber insurance in place before you suffer an attack.
Cyber insurance can help by providing:
- qualified technicians to investigate the problem,
- help to implement a solution, and
- financial support if your business is interrupted or temporarily closes.
If you don’t have cyber insurance in place, contact us immediately.