On Friday 12th May 2017, a large scale Ransomware cyber attack took place across the world targeting hundreds of organisations, most notably the NHS. This left several hospitals in the UK unable to operate or admit patients.
What is Ransomware?
Traditionally, Ransomware arrives via email in the form of an attachment, typically fake invoices, job offers and suchlike which are sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the infection. A screen then appears on the machine demanding a ransom payment (usually in bitcoins) to release the files.
This particular strain enters the system using the SMB vulnerability (explained below) mainly where inbound firewalls have opened up SMB for inbound connectivity. So it’s more sophisticated than a traditional email based phishing attack.
This attack is a new form of Ransomware called WannaCrypt which is very similar to the Cryptolocker Ransomware that was circulating a while back.
How does it affect my systems?
The virus spreads to not only encrypt files on your machine but anything attached to it including external drives, NAS drive, cloud storage or servers that your machine is connected to. Once encrypted it is practically impossible to recover the data without paying the ransom fee and even then it’s not guaranteed to work properly.
The Ransomware takes advantage of a known and patched Windows vulnerability and is dropped by a worm which abuses SMB, a network file sharing protocol. Other aspects of the malware leverages file-less exploitation techniques and it is morphing rapidly in the wild with over a dozen variants seen so far. The file extension used is .wncry, which drops a ransomware notification named: @Please_Read_Me@.txt in common file and folder locations.
What can I do to prevent a Ransomware cyber attack?
We can provide you with all the tools you need to prevent a Ransomware cyber attack, as well as proactive monitoring but the first line of defence is employee education. We therefore urge you to share this article with everyone in your business.
Here are the essential steps every employee should take to help prevent a Ransomware cyber attack…
- Ensure that any attachments or links you open are expected and from trusted sources only
- Make sure that any USB storage devices are regularly scanned for viruses and only used on computers that have up to date virus protection
- Only visit websites that are known and trusted
- Never attempt to install applications on business devices
It’s best practice to ensure you have regular back ups in place along with running the most up to date software. This ensures that your systems are less likely to suffer a breach. Older unsupported systems don’t get regular security updates.
How can Excalibur help?
As well as comprehensive malware, Ransomware and virus protection, back ups and monitoring, Excalibur can undertake repair project work should your systems become compromised at any point. We also offer a testing service to see how susceptible your business is to phishing emails, find out more about our security products here.
Our IT team here at Excalibur are fully educated around this particular strain of Ransomware and we’re here to help, so for further advice, please contact our IT support desk on 01793 438886.
An official statement and guidance from the National Cyber Security Centre is available here
