It has been twelve days since news first broke of the widespread WannaCry ransomware attack that affected hundreds of organisations across the world. Whilst the story in the UK focused on the effect it was having on the NHS, Europol estimates the attacks have affected some 200,000 victims in at least 150 countries, with Russia and Eastern Europe being hardest hit.
The ransomware, also known as WanaCrypt0r or WCry, exploits a vulnerability that was patched by Microsoft in March 2017. The fact that so many victims have been affected by a patched vulnerability demonstrates just how many existing security regimes are ineffective. For those businesses or individuals who have previously had a casual approach to updating systems, the message is clear: patch immediately.
Why was the NHS so badly affected by WannaCry?
Following a number of recent stories in the US where healthcare organisations had been heavily targeted by ransomware, we highlighted the specific threat to UK healthcare due to the number of significant cyber security challenges the sector faces. Not only is the situation complicated by the 100,000 or so different authorities, public and private bodies that make up the sector, but a lack of investment in infrastructure has resulted in many healthcare providers having outdated computer systems, including Microsoft’s Windows XP operating system, which was the root cause of the WannaCry attacks.
The healthcare sector faces significant challenges, as many small companies generally lack the resources and technical expertise to update legacy systems or implement robust cyber security strategies. The reporting of this incident in the UK has been dominated by the impact on the NHS, which is understandable as cyber security issues are having potentially life-threatening consequences, but it should be noted that many other sectors and international organisations have also been badly affected. This incident has served as a stark reminder of the importance of basic cyber security hygiene.
Is it all over then?
Far from it. Criminal groups may seek to exploit the current situation to release other types of malware and ‘hide in the noise’ whilst attention is focussed on WannaCry. Furthermore, the exploit used to facilitate these attacks had been released in mid-April by a hacker group known as Shadow Brokers, the same group who published several leaks containing advanced hacking tools from the National Security Agency (NSA). Despite concerns that other NSA exploits may now be repurposed and released, the threat remains largely unchanged as new vulnerabilities are regularly discovered, developed and traded via online criminal marketplaces.
So, what should I do?
- As mentioned, this particular vulnerability was fixed by Microsoft on 14th March (MS17-010), so you should install this patch as a matter of urgency, as it closes the vulnerability used in this attack.
- To protect against future ransomware attacks, ensure you are suspicious of any unexpected documents you receive via email. No matter how enticing an attachment or embedded link may be, always verify the source before taking any further action.
- Consider awareness campaigns and staff training to ensure your employees are aware of the risks.
- Ensure you (and your company) have a robust backup regime so that important files are backed up. This includes ensuring that any external storage devices are not always connected to your network device, to prevent any infections from spreading.
- Additionally, make sure that you have an effective anti-virus solution on your system.
If you would like to discuss how to strengthen your cyber security controls, please contact us via email@example.com or +44 (0) 845 600 4403.
Further official guidance is available directly from the NCSC website under the title ‘Protecting Your Organisation From Ransomware’. If you follow these steps, your critical data would still be safe and your systems could be effectively restored in the event of an attack.