12th May “Global ransomware offensive”

To date, almost 100 countries have been impacted, with the NHS in England and Scotland having to resort to pen and paper. Operations were cancelled and Accident and Emergency units were shut down by the crippling ransomware infection.

How did this happen?

Short answer: a convincing phishing email (SPAM email) was opened on a Windows PC that was not regularly updated.

A strain of ransomware named "WannaCry" has been delivered by a very well organised and synchronised mass email attack. The convincing email entices the recipient to open an attachment, which infects Windows operating systems with malware that exploits a vulnerability that has not been patched.

Cactus IT offer patch management solutions. Please get in touch if your business servers and PCs are not regularly updated.

What does the malware do?

Once a PC is infected, the malware acts as the logged-on user, gaining access to all of the files and folders that the user normally accesses. It systematically locks the files with an encryption key, leaving them inaccessible and useless without that key. The criminals are asking for a ransom to be paid in Bitcoins (a virtual currency) in exchange for the key to gain access to the locked files.

Only a backup can save you in this situation. Cactus IT offer a free backup audit to make sure that you have the right solution and that it "actually works". Please contact us for more information.

Why didn't my anti-virus prevent this ransomware?

The ransomware used in this attack was unique and had never been seen before. This is known as a "zero day attack": without the signatures of this malware being known to anti-virus vendors, it is invisible to the software.

A multi-pronged defence works best in this situation: anti-virus, web filtering, firewall and user training. Please get in touch if you would like assistance with any of these defences.

What do you need to do?

  1. Backup, Backup, Backup!! Always keep a reliable backup of your critical files, with at least one copy "off site". Follow the 3-2-1 backup rule

  2. Install business class anti-virus software and keep it up to date

  3. Regularly update and patch your Windows operating system and installed software (Windows XP and Server 2003 are no longer supported and no patch is available for this)

  4. Review your folder security access and restrict access rights to folders where possible

  5. Be vigilant and train your staff on how to identify suspicious email attachments and links

Cactus IT can help and assist you. If you are unsure about any of the points above, please contact us for advice.

If you are experiencing a live ransomware attack, then call Action Fraud immediately on 0300 123 20 40.
