WannaCry ransomware isn’t going away any time soon. Your business needs to take steps to protect itself from damaging infection.
It was just over a year ago when ransomware attacks left the tech pages and hit the front pages. The NHS suffered a WannaCry ransomware infection, resulting in serious operational issues for NHS hospitals throughout the United Kingdom. All of a sudden, malware was no longer a frustrating by-product of visiting dubious websites or downloading pirated movies; it had entered the real world, with real consequences.
Although the panic around WannaCry died down, the truth is that it’s never gone away. Ransomware remains a lucrative business for cybercriminals around the world, and it’s probably only a matter of time before WannaCry 2.0 causes yet more chaos for organisations of all sizes.
At MMRIT, we have become aware of a number of spam emails being circulated that claim an organisation’s data has been compromised. With this in mind, we are sharing this blog post to explain what WannaCry ransomware is, and what you can do to protect youself.
What is WannaCry Ransomware?
WannaCry is a high profile strain of ransomware. Modern ransomware attacks started appearing in around 2013, when the CryptoLocker ransomware was used for attacks on a number of individuals and organisations worldwide. Since then we have seen CryptoWall, Locky, Ransom32, Petya, and a number of other ransomware strains come and go; WannaCry has, to date, been the most effective and most high profile.
All strains of ransomware have similar characteristics. The aim of ransomware is to extort money from victims. It achieves this by infecting a computer – usually by a user clicking an email attachment, but sometimes through compromised websites – and encrypting all of the files it can find that are connected to the computer, both on local drives and on shared drives.
Once the files have been encrypted, the business or individual are notified of the infection and advised that they have a set amount of time to pay a ransom, usually in cryptocurrency, to obtain a decryption key that will restore access to the files.
Ransomware has proved to be extremely lucrative for cybercriminals; so much so that it’s become a preferred method of making money.
Protect Your Business
When it comes to ransomware, prevention is much better than cure. Educating your users on the threat of cyber-attack, especially via phishing emails, is essential. We also recommend the following seven steps, which will help reduce the risk of WannaCry ransomware infection:
- Stay up-to-date with Microsoft security patches for both servers and workstations;
- Take regular backups, and test them to ensure that they work;
- Install real-time updated antivirus, and turn on active scanning;
- Keep all software up-to-date, especially the likes of Java and Adobe Flash Player;
- If you or any other user is even a little bit unsure about an email or attachment, never click it;
- Always avoid dubious websites, as they can often contain ransomware payloads;
- Setup appropriate user access rights on your systems. Not every user needs access to every file.
You may also want to consider the following additional measures, although for some firms they may be too onerous on day-to-day operations:
- Implement read-only permissions for documents;
- Store documents in a document management system;
- Avoid using Adobe Flash Player altogether;
- Install ad-blocking and anti-spam filters;
- Enable software restrictions through Group Policies.
Implement Security Best Practices
WannaCry ransomware is an active threat to your business, and it isn’t going away. The best way to protect your business is to take security best practice steps, always remembering that user education and awareness is absolutely paramount. If you’d like any advice on how to implement security best practice measures for your business, MMRIT can help. Contact us to learn more.