Ransomware – Cyber Security – Protect yourself

Following last Friday’s attack on the Health Service, and on our surgeries’ phone systems earlier in the week, it is clear that this is a problem that is not going away. My understanding is that several NHS Trusts have already paid the ransom (using our money to cover up their lack of preparedness), thereby creating an open day on the Health Service. What they should have done was to expose the threat, find a solution, and prepare the health service for other attacks.

This raises the following questions:

  1. WHY did they not share the information?
  2. How can you take easy steps to protect yourself from this type of threat?

Our “Best Advice” recommendation is that you should take the following 5 steps:

  1. Install Bitdefender antivirus software. This would have stopped the WannaCry virus in the health service. They are also working on a solution that will help customers decrypt any encrypted software. See the article below.
  2. Install Malwarebytes Premium.
  3. Where you do have a virus, run both of these one after the other, reboot the machines, run both again, and repeat until both products come up clear of viruses.
  4. Have an online backup system that takes real-time backups and lets you restore from earlier dates, such as Line Drive.
  5. Have two offline hard drive backups, one in the morning and one at night. The one that is not backing up should be kept offsite, in case of a fire. We have a red one for night and a blue one for day; each time we swap over, we take the other away and lock it in a fire safe.

 

We also think that a problem shared is a problem halved, so we are about to launch a “Business Growth Program”, run by businesses for businesses, where you can come along and meet a cross section of experts, on a monthly basis, and review a range of areas from recruitment via marketing to IT security. We look forward to seeing you there.

If you would like to read more about the recent cyber attacks please see the two articles below from Bitdefender and Chamber Member Tony Richardson from Octree.

Bitdefender say

Don’t worry about the world’s most advanced piece of ransomware. We’ve got your back!
Bitdefender’s advanced detection technologies have blocked WannaCry from the very beginning

You might have already heard that a new family of ransomware called WannaCry has infected over 140,000 computers worldwide. This piece of ransomware is based on a zero-day exploit that helps it jump from one infected computer to another and encrypt all the information stored on it. We’re writing to you to let you know that Bitdefender’s advanced detection capabilities based on next-generation technologies were able to intercept this threat since its emergence.

As a Bitdefender customer, your information has been safe all the time.

Here is a little background information about this new threat

Unlike other ransomware families, the WannaCry strain does not spread via infected e-mails or infected links. Instead, it takes advantage of a security hole in most Windows versions to automatically execute itself on the victim PC. According to various reports, this attack avenue has been developed by the National Security Agency (NSA) in the US as a cyber-weapon and it was leaked to the public earlier in April along with other classified data allegedly stolen from the agency.

Until now, a number of hospitals, telecom companies or gas and utilities plants have suffered massive disruptions caused by data being held at ransom.

As this ongoing outbreak is affecting countless computer users around the world, we are actively working on a free decryption tool to help victims recover their information without paying the ransom. Make sure to follow us on Twitter and Facebook to be notified when it becomes available.

If you are not using a security solution we strongly recommend you to install Bitdefender:

 

Chamber Member Tony Richardson says

Cryptomalware, which has affected Telefonica and other organisations in Spain, and the NHS in the UK, including many private surgeries, has recently been confirmed as being a fully weaponised version of the crypto malware “Wcry”, also known as Wannacry.

As far as we currently understand, this new strain incorporates active exploitation of the vulnerability patched in the MS17-010 update released by Microsoft in March. Wcry copies a weapons-grade exploit codenamed “EternalBlue” that the NSA used for years to remotely commandeer computers running Microsoft Windows. “EternalBlue”, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April. The Wcry developers have combined the “EternalBlue” exploit with a self-replicating payload that allows the ransomware to spread virally from vulnerable machine to vulnerable machine, without requiring operators to open e-mails, click on links, or take any other sort of action.

This is novel behaviour for cryptomalware and we expect this to have widespread effects. We strongly advise you to ensure all internal systems (especially critical domain controllers, fileservers and Exchange servers) have the MS17-010 patch applied as soon as possible.

Additionally, because of the nature of malware propagation, you should ensure that any backups are held offline; if backups are offline, they can’t be encrypted in the event of your network being hit.

Furthermore, it is critical you deploy a next-generation anti-malware solution to replace any legacy AV you may have, and consider security awareness training for staff to highlight the risks of clicking on links or attachments in unrecognised spear-phishing emails.

And lastly, talk to your supply chain about what countermeasures they have deployed. They could also prove to be your weakest link.

For more informed help or advice contact cybersecurity@octree.co.uk.
