Ransomware: 5 Quick Steps To A Safer Organisation

By Chris Harris, Support Analyst, Marval Software

On Friday afternoon, it was reported that many NHS organizations, as well as other large companies, were affected by a ransomware cyber-attack. So far over 237,000 computers in more than 99 countries are reported to have been affected.

That’s not rare. Last year, 689 million people in 21 countries experienced cybercrime; 13.8 million of them were in the UK (that’s almost one in four of us!). Actually, Symantec identified 36% increase in ransomware attacks worldwide.

Ransomware is an attack that, once initialised, will covertly encrypt the data on the machine using a combination of AES and RSA ciphers, then show a screen that will demand a payment to be made in Bitcoin (an anonymous payment option) to get your data decrypted; or the data will be leaked.

In most cases, you will be advised not to pay the ransom, as there is no guarantee that the data will be decrypted, and even if it does, this does not mean that your data has not already been stolen and sold.

This is not the first time this has happened and, for cyber criminals, patient data (that health organizations have a lot of) is worth up to 10 times more than credit card information; and this can be sold on the black market within the dark web.

The “WannaCry” ransomware attack is a very fast spreading malware that exploits a vulnerability within Windows SMB and could affect any Windows machine (except Windows 10 and Server 2016) that has not been updated with the latest patches released by Microsoft. Once a machine is infected, it will also scan other machines on the network for the same vulnerability and also random hosts over the wide area network, and due to the fact it’s a worm, the infection is also self-replicating.

As the patches to fix this vulnerability have already been released by Microsoft, the best advice is to keep your systems protected is always make sure they are up to date.

Quick Steps to a Safer Enterprise

-          Set processes around cybersecurity and make sure they are followed religiously.

-          Automate tasks, so that no critical updates are ignored or forgotten.

-          Be proactive rather than reactive, with regular risk assessments that will help you identify and address potential liabilities. 

-          Withdraw any dated or vulnerable equipment, if required. Use documentation to support and accelerate change.

-          Promote the “cybersecurity culture” in your organization. Security breaches are often caused by neglect or human error. Make sure that the message is spread and frequently reinforced both in your IT team and across the organization.

I can’t stress this enough: When a malicious attack happens, time is money. Any minute spent between the attack and the identification of the breach and its resolution, adds up to the cost. organizations need to make the most of their best assets (people, processes and technology) to minimise the short and long-term impact of the attack.