I’ve been asked by a few of our customers about the massive cyber attack that took place last week and so I wanted to give a layman’s explanation of what happened so that you can protect yourself properly and prevent your business falling foul of what is a horrible ransomware attack.
What is a ransomware attack?
Ransomware is just another form of malware (or malicious software) that infects your computer. The difference is that ransomware will encrypt all your files and wait for you to pay a ransom to get them unlocked. As you can probably imagine, even if you pay the ransom you will probably still not get access to your files. The malware spreads from computer to computer and can lock down a whole network including your servers. Imagine losing all you data including your customer records, accounts, orders and any work you have been doing! Unthinkable? Not any more thanks to ransomware.
Dispelling the myths
Let’s start with a few myths, or “fake news” as people like calling it nowadays!
- This was not a planned attack on the NHS although some newspapers are suggesting it was. As with most malware style attacks it was an attack on anyone who is foolish enough to install the software. It just happens that a lot of NHS computers were affected by the attack for reasons that I will explain below.
- This was not an attack on all computer users. As with the majority of malware attacks, it was targeted at Windows computers so if you run anything else, Linux or Mac for example, you would not suffer the same fate.
- It was not an attack on users who are hanging onto old operating systems such as Windows 98 and XP as has been suggested. This malware attacks any version of Windows that has not been patched with the latest updates.
- Computers are not automatically infected if they run Windows. There was already a software patch available for this attack which was released by Microsoft in March but many users do not install their updates. If you keep your security updates up to date you will not suffer from this attack.
- The malware was not “sent” to vulnerable computers so that it could install itself. As with most malware it was sent by email as an attachment or download link and in each case a user opened the email or downloaded the attachment or clicked on the link.
What can you do to prevent getting attacked by this or other malware?
Here are some vital things that every computer user must do at all times, not just this week because a cyber attack is in the news. People with responsibility for systems, IT managers if you are lucky or any manager of computer users, need to make sure that all users are aware of these points and comply with them. In addition, you need to make sure that all your data is backed up regularly so that if you are attacked you can get your data back. If your computer is locked by a ransomware attack then you will not get your data back unless you have a backup.
- Install security updates – Always make sure that your computer is up to date with security updates. When you see the annoying little icon near the clock on your computer desktop that says, “Updates are available”, do not ignore it! Install them as soon as you see them. Make it a habit when you log on to your PC to check if there are any updates that need installing. These days updates can be released every day so make sure you check every day. If there are any errors then report them to whoever is responsible for your computers.
- Update security software – Make sure that any security software is up to date. This could be Microsoft Defender, any free antivirus software or paid for software. It all needs keeping up to date as these systems generally rely on being told about new security risks before they will protect you. Unless, of course, you have one of the more modern security systems, such as Carbon Black, that “intelligently” works out if things are going wrong on your computer.
- Don’t open dodgy emails – Do not open emails that are clearly not genuine. If you are using an email client such as Outlook then you probably have it setup to fetch remote content, e.g. pictures, when you open the email. This means that any malware in the email may download and run automatically when you open the email. Yes, you heard that correctly! All you need to do is open the email to see what is in it and the code will run. If an email has a title telling you that you have won the lottery then, take my word, you probably haven’t so don’t open it!
- Don’t click on links in emails – Be very careful about clicking on links in emails. It is child’s play to create a link that says www.gmail.com to the user but when clicked on it takes you to www.dodgysite.com. Try hovering your mouse over a link before you click it and you should see the link pop up on your screen somewhere. Alternatively, right click on the link, click on “Copy link” and paste it somewhere, e.g. on a blank document. You will then see where the link is really taking you which may surprise you. Alternatively, if the link is meant to take you to a genuine website, why not just open a browser tab and go straight to the website yourself. That way you know that you are going to a genuine web page and not a fake one. This is particularly useful when the link is to a login page where you may get asked for your password.
- Don’t download attachments in emails – Be extremely careful about downloading attachments from emails. Most malware is spread by creating an infected file, e.g. a Word document, and attaching it to an email. When the user opens the Word document it runs the malicious code and infects your computer. Only open documents that you are absolutely sure are genuine. Please note that reputable companies will normally send documents out as PDFs not as Word documents as PDFS are far safer.
What should I do if I think I am infected?
If you think that your computer may have been infected then turn it off immediately and seek help. Most malware spreads by connecting to other computers and servers on the network. If you switch your computer off then it may prevent the virus spreading.
If you need any advice after having read this article then please get in touch. We are also able to provide training sessions to users to demonstrate how easy it is to get infected and show them what they can do to try and prevent it.
If you would like a security review of your IT systems then please get in touch by calling 03 004 004 004 or visiting our website at www.opensauce.systems