Corporate Finance Appointment at RMT
November 10, 2017
Paul Holborow, Head of RMT’s IT services division, offers practical advice about how to protect yourself from the recent WannaCry ransomware attack.
What’s been happening?
A ransomware attack has affected a large number of PC’s in the UK and across the world. The attack is not targeted at a particular sector, it just happens to have affected a large number of computers within the NHS and this has been picked up by the media over the weekend. Companies are being affected too.
The attack is called WannaCry or Wannacryptor and it spreads principally by email spam/malicious websites &/or by exploiting PC’s that have not had the latest Microsoft Windows security updates applied.
This attack seeks to encrypt files on a PC, and to spread throughout the network encrypting files as it goes. A ransom payment is then demanded to decrypt them.
No anti-virus software can be 100% effective and you are still at risk even if you have the Windows updates. Clicking on suspicious links, downloading suspicious files and running suspicious software from a website may still activate the ransomware and lead to encryption.
Who has known about it?
In March 2017 Microsoft issued a Windows update (MS17-010) which fixed the weakness in its Windows operating system that this malware seeks to exploit. Unusually for them, it issued the update for its older XP operating system which Microsoft had already stopped supporting.
Major anti-virus software companies picked up on a strain of it at around that time too.
What should you do now?
• You need to install the latest Windows Security patches as soon as possible.
• Refer to the Microsoft bulletin here to find the patch you need.
• Perform a risk assessment on each asset first to ensure old legacy systems are protected – refer to legacy Microsoft patches here
• Ensure Automatic Windows Updates are set up on PC’s, laptops and servers and ensure they update and apply, restarting your machines regularly.
• Keep your anti-virus software up to date and licence all your PC’s, laptops & servers
What else should you do to remain protected?
Support your staff and encourage them to be vigilant and to Think before you click:
DON’T click on suspicious links to websites or sites that prompt you to download files
DON’T open suspicious attachments, especially if you haven’t received them from the sender before or if you weren’t expecting one
DON’T run macro’s or zip files unless you are sure who they are from. If in doubt, contact the sender first
DON’T forward suspicious looking emails to your colleagues
DON’T insert USB’s or CD’s from clients to transfer data without scanning them first
DO Allow Windows Automatic Updates to complete on each PC & restart your PC afterwards
DO keep anti-virus subscriptions up to date on all PC’s & servers
It’s absolutely key that your staff be vigilant by following the simple steps above.
Lessons learned, so far
This incident is a timely reminder to us all that when we are online we must remain vigilant to the threats that are there.
The indiscriminate nature of this attack shows all businesses, large and small, that security is now becoming just too important to ignore and we are all at risk.
Discuss the issue regularly with your Board & key operations staff & understand the risks & impacts
Review procedures for backup, staff training, business continuity & disaster recovery.
For more information and advice, please contact Paul Holborow, Head of IT Services at RMT on 0191 256 9550.