In the wake of Friday’s cyber attack, I wanted to quickly explain exactly what’s happened and show how you can protect your own organisation.
The attack took the form of a rapidly spreading piece of ransomware. Ransomware is malicious software which locks up your computer, making it impossible to use unless you send money to the creator of the virus. Friday’s attack was by the ‘Wanna Decryptor’ ransomware, also known as ‘wncry’. A ransom is asked for in Bitcoin (a hard to trace digital currency) to decrypt the data stored on the target’s computers and unblocking access. Infected computers are then used to attack other computers on the network this feature makes it what we call a ‘wormable’ situation, meaning it can quickly spread throughout a network on its own, posing a difficult challenge for containing the issue.
Media reports suggest that this is a global issue affecting over 70 organisations worldwide, and it’s unlikely that the NHS was specifically targeted. Multiple national agencies are now working together to investigate, nullify and contain the problem, and it’s really made clear how serious a cyber attack can be, hopefully inspiring organisations across all sectors to get serious about their cyber security procedures and defences.
Once infected, the system displays the message you’ll see at the top of this page, and then decrypt instructions.
The one thing that will make you most vulnerable to this attack? Failing to keep all of your systems properly patched and updated. The exploit Eternalblue that this attack utilised, as reported in the recent Shadow Brokers dump, has already been addressed by Microsoft in bulletin MS17-010.
The three areas that IT staff will be looking at today are:
- Patching – Update systems with the MS17-010.
- Firewalling – RDP (3389/TCP) and SMB (139/TCP & 445/TCP) ports should be restricted from internet facing systems.
- Secure Hardening – Systems running SMBv1 should be disabled.
Any unusual extensions should also be blocked at mail servers or messaging security gateways
I know that’s very technical but there are also things that all staff can do to protect their own machines – never open strange attachments from unknown senders, be aware of phishing campaigns taking advantage of this situation (ie be very wary of e-mails mentioning the cyber attack and inviting you to install software to defend against it), generally be on the look out for e-mails that possibly aren’t from who they purport to be from.
We’re not yet totally certain on how this ransomware found it’s way into the NHS system, but it’s likely to be a “social engineering” situation where a user was tricked into opening an attachment or downloading the malicious software from a misleading website.
If you’re concerned about cyber security within your own organisation, Kind Consultancy has a large database of pre-qualified top tier infosec professionals across the UK who are currently seeking both contracts and permanent positions. Get in touch with me today and we can connect you to the game-changing IT talent you need, taking into account the size and nature of your organisation and the specifics of your current cyber security situation to provide you only the best possible people with the most relevant skillsets and experience.
For a confidential discussion, get in touch on 121 643 2100 or firstname.lastname@example.org