What we're talking about… Categories / Cybersecurity

WannaCrypt Ransomware: Protect Yourself from Infection

WannaCrypt Ransomware Blog

WannaCrypt ransomware has made international news after carrying out devastating attacks on more than 200,000 victims in 150 countries. How do you protect your firm?

Cybercriminals launch cyber-attacks throughout the world every day, but it takes an especially aggressive and successful cyber-attack to make international mainstream news. On Friday 12th May news broke of a successful cyber-attack on the NHS that resulted in severe operational issues for hospitals throughout the United Kingdom. The NHS – along with hundreds of thousands of other victims in 150 countries – were attacked by WannaCrypt ransomware. WannaCrypt is only the latest of a number of strains of ransomware to emerge in recent years, following the likes of CryptoLocker, CryptoWall, and Locky.

WannaCrypt ransomware presents a significant risk to all businesses, and victims will potentially suffer operational, financial, and reputational damage. How do you protect yourself from infection?

What is WannaCrypt Ransomware?

WannaCrypt is a form of ransomware. Ransomware’s primary aim is to extort money from businesses and individuals who are infected. It achieves this by encrypting files that are saved locally and on shared drives connected to affected machines. Once files have been encrypted, the user is notified and asked to pay money in Bitcoins (an online value and payment method) in order to obtain a key that will unencrypt the files.

What makes WannaCrypt ransomware especially dangerous is the manner in which it can spread from infected machines. The ransomware spread rapidly throughout the world on Friday 12th May, leapfrogging between vulnerable Windows machines.

Protect Yourself from Infection

With any strain of ransomware, prevention is always better than cure. Advice on what to do if your firm becomes infected tends to be either to pay the ransom or to restore from backups. The former option comes with serious moral considerations, and the latter is dependent on appropriate backup measures being in place and available.

At Capital Support we recommend taking the following seven steps, keeping in mind that user education is absolutely key: –

  • Always ensure that you keep up-to-date with Microsoft security patches for servers and workstations;
  • Make sure that you take regular backups, and that you have tested that they can be restored;
  • Ensure that your antivirus is real-time updated and that active scanning is on;
  • Keep all software up-to-date, including Java, Adobe Flash Player, Adobe PDF, and so on;
  • Never click on links or open attachments in emails that you are not absolutely sure of;
  • Don’t visit questionable websites, and take care when downloading files and applications;
  • Ensure that user access rights are setup appropriately; not everyone has access to every file.

The following measure may be worth considering, but bear in mind that they may not always be practical for your firm: –

  • Restrict permissions to read-only;
  • Store documents in a database, for example a document management system;
  • Do not use Adobe Flash Player if you can avoid it – Flash is frequently exploited by cybercriminals in order to deliver malware payloads;
  • Implement ad-blocking and anti-spam filters;
  • Enable software restrictions through group policies.

Ransomware: An Evolving Threat

All businesses, regardless of their size or the nature of their operations, need to understand the threat that ransomware poses. As Microsoft’s President and Chief Legal Officer Brad Smith commented, “the governments of the world should treat this attack as a wake-up call.”

WannaCrypt ransomware can only infect unpatched and outdated Microsoft servers and workstations, and so implementing a robust scheduled maintenance program across your firm’s systems is essential.

And as the majority of ransomware attacks are proliferated through phishing emails and compromised websites, user education will always be your first line of defence against infection.

For guidance on the steps that your firm should take to protect itself from WannaCrypt and other forms of ransomware, contact us. Our Security team will be able to provide practical guidance on how to improve your firm’s security posture.

Ryan Sedgwick
Ryan Sedgwick