The rapid spread of the WannaCry virus at the weekend shows how important it is to keep up to date with security patches as soon as they come out – not sit on them and update. Gone are the days of patching a few times a year.
On Friday the world was hit by malicious ransomware virus which has spread through IT networks in 150 countries. WannaCry Ransomware encrypts files and documents held on Windows-based PCs and servers. The UK’s NHS was hardest hit with operations cancelled due to systems going down after the malware spread laterally across the NHS network. The software asked for a ransom to be paid to unlock the files.
WannaCry spreads itself within networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.
What steps should your business take to help minimise an attack and its impact?
Security/Windows update – new ransomware variants appear on a regular basis – as close to the release date as possible. Always keep your security software up to date and never let it fall behind by a single release. This includes Anti-virus, Windows updates and other security software.
Operating Systems – keep your Operating System and other software updated. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
Emails – WannaCry spreads by phishing emails enticing users to click on links or open infected files. Be wary of unexpected emails especially if they contain links and/or attachments. The best defence is to hit delete.
Attachments- be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. This is a classic way to drop malware onto your system. Unless you are certain that this is a genuine email from a trusted source, do not enable macros and immediately delete the email.
Backups – Backing up is the single most effective way to retrieve your files and documents and protect yourself. Having a successful backup and restore point is crucial as without a backup it’s impossible to retrieve any encrypted files without paying the ransom which is by no means a guarantee and should be avoided at all costs. It’s always better to back up than pay the ransom.