The Ransomware attack has left NHS trusts without access to patient data and having to cancel hundreds of appointments and operations.
This could easily happen to your business.
What would you do if you couldn’t operate or get access to any of your data?
This is a global attack not limited to just the NHS. SMEs must take precautions as the risk of infection from Ransomware has increased significantly.
To help SMEs take action, we’ve produced some easy-to-understand guidance and advice.
Quick Recap – What’s going on exactly?
The NHS Ransomware attack has left around 40 NHS Trusts and some GP surgeries around the country resorting to pen and paper, cancelling appointments and operations, and unable to access data and patient records.
The attack is part of a global outbreak. The NHS has been particularly susceptible because it is slow to upgrade and patch its computer systems. However, a lot of businesses are also slow to patch, or fail to patch at all, and are just as much at risk as the NHS.
The malware used in the attack is called WannaCry. It attacks Windows operating systems that are missing a security update released in March this year. That update fixed a problem with the way fileshares and mapped drives work, which the malware uses to spread and infect machines.
The virus is usually covertly installed on to computers by hiding within emails containing links, which users are tricked into opening.
Once run, it encrypts files on a user’s computer and on any attached fileshares, network drives and removable media (like flash and USB drives), blocking them from view. It then demands money, via an on-screen message, to access them again.
The demand is for a payment of $300 (£230) in virtual currency Bitcoin to unlock the files.
Up to this point, that’s pretty standard Ransomware behavior. Where this is different, and why it has spread so quickly, is that it also scans the network for other machines that are missing the update and is able to infect them and spread. So it’s a 2 for 1 deal you don’t really want to take advantage of!
WHAT CAN YOU DO NOW?
First and foremost, if you see signs of this in your business or one of your machines becomes infected, disconnect it from the network immediately. Disconnect the network cable or disable the wireless network to do this. It will then need to be rebuilt from a fresh install and data restored from a suitable clean backup.
If you’re lucky enough not to have been infected yet by this or another strain of Ransomware, then the following tips will help you stay safe:
Run Windows Update, check for updates and update now. If updating straight away is an issue, check your update history to ensure the updates from the end of March or April have been applied. If not, you must either apply that update specifically or update now and apply all updates. Best practice is to ensure updates are applied regularly; the easiest way to do this is to ensure auto update is used.
Gather your staff together and remind them they must be extremely vigilant at the moment. Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
Be extremely wary of any emails containing attachments that look strange and attachments that advise you to enable macros to view their content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not open the attachment or enable macros and instead immediately delete the email.
Dangerous attachments may come, or look like they come, from people you already know, even more so if you are part of an NHS supply chain.
Backing up important data is one of the most effective ways of combating Ransomware. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
A disaster recovery plan and backup strategy are extremely important. This Ransomware does target backups, and other Ransomware has been known to lie dormant or use a delayed reaction, meaning that backups can’t be relied upon as the only method to combat Ransomware.
Basic anti-virus cannot be relied upon on its own either. A lot of businesses assume that because they have Anti-Virus (AV) they are safe, but this just isn’t true. Ensure you have either an advanced AV/Malware endpoint solution or combine your existing AV with a Ransomware/Malware behavior based prevention solution which automatically updates regularly. It’s not expensive compared to the potential downtime and reputation damage (We have one that would have protected against this attack, you can find more information about how we can help here).
Get better protection. Now.
THE NEXT 60 DAYS
Ensure your business devices are running an actively supported operating system that receives security updates. New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
Undertake a Security review and gap analysis to identify and remove any security loopholes.
Perform regular vulnerability assessments to highlight any missing patches or weaknesses.
Have effective patch management that deploys security updates to your devices and other critical parts of your network in a timely manner.
Use a security solution with behavior based detection technologies. These technologies can catch malware, including Ransomware, by watching how it operates on the attacked system, making it possible to detect fresh and as yet unknown samples of Ransomware.
Conduct proper and timely backup of your data so it can be used to restore original files after a data loss event. Test it regularly so if you happen to need it, you know you will be able to recover with it.
Educate your employees, paying special attention to operational and engineering staff and their awareness of recent threats and attacks.
Using cloud services could help mitigate Ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
Visit the “No More Ransom” website, a joint initiative with the goal to help victims of Ransomware retrieve their encrypted data without having to pay the criminals.
Provide protection inside and outside of your network. A proper security strategy has to devote significant resources to attack detection and response in order to block an attack before it reaches critically important business systems, operations and data.
Want to improve the protection for your business? Get in touch now or use the “Click Here for Help” applet at the bottom of the screen.