This year NHS Trusts in the UK were easily attacked by ransomware because basic steps to protect their systems were not taken.
The National Audit Office (NAO) has published its report on the cyber-attack launched by WannaCry ransomware, affecting over a third of NHS trusts last May. (The virus locked people out of their files and presented them with a demand to pay hackers to restore access.) Although no serious problems resulted, which is mainly because the attack happened on a Friday, it laid bare how vulnerable organisations, of any size, not just large, highly interconnected ones like the NHS, are.
WannaCry, which spread to more than 150 countries in a worldwide ransomware outbreak, has been described as relatively unsophisticated but, as NHS Trusts had not acted on critical alerts from NHS Digital, and a warning from the Department of Health and the Cabinet Office in 2014 to patch or migrate away from older software, they were vulnerable. Speaking about the cyber-attack, Sir Amyas Morse, comptroller and auditor-general of the NAO, said: “There are more sophisticated cyber-threats out there than WannaCry, so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.” He said the attack could have been prevented if the NHS had followed basic IT security best practice.
The malware was taken down in the UK by cyber-security researcher Marcus Hutchins, who accidentally helped to stop the spread by using a “kill switch”. This involved registering a domain name linked to the malware, which deactivated the program’s ability to spread automatically.
According to Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, many organisations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime.
But, if you want to protect your business, here are the five things Abrams says you should do:
1 Make safe and secure backups
Abrams recommends making multiple backups to both cloud services and physical disk drives, at frequent intervals. He says it’s a good idea to back up files to a drive that remains entirely disconnected from your network.
2 Update and patch your systems
The latest ransomware was successful because of a combination of factors. Those include a known and highly dangerous security hole in Microsoft Windows, users who didn’t apply Microsoft’s March software fix and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of most vulnerabilities.
3 Use antivirus software
Using antivirus software will protect you from the most basic, well-known viruses by scanning your system against their known ‘fingerprints’. Criminals take advantage of less-savvy users with these viruses.
4 Educate your workforce
Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
5 If hit, don’t ‘wait and see’
Some organisations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption – and possible loss – of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled.
If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored.
Many organisations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.