How to protect your company from the WannaCry malware that’s ravaged the NHS


Headlines over the past day or so have been dominated by the news that a strain of ransomware has been tearing around the globe infecting more than 120,000 computers.

NHS facilities and services have been hit particularly hard, but so have the likes of telecoms giant Telefonica, banks Santander and BBVA, plus companies and individuals in Russia, Japan and several other countries.

Called WannaCry, but also known as WanaCrypt0r and WCry, the ransomware is infecting computers and encrypting files, before demanding the user pay a ransom for their files to be decrypted.


WannaCry exploits a Windows vulnerability for which Microsoft released a patch, known as MS17-010, in March. However, many organisations appear to have failed to install this patch, or are running old versions of Windows to which it doesn’t apply.

On Friday night, though, an unnamed cybersecurity researcher and Darien Huss, from security firm Proofpoint, found a way to stop the malicious software spreading.

“I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time,” the nameless knight in shining armour told The Guardian.

He bought the domain for just $10.69 and noticed straight away it was registering thousands of connections every second. Basically, the malware has been making requests to that particular domain name and once these requests came back showing the domain was live, a “kill switch” was activated, stopping the malware from spreading.

We’re not out of the woods yet though, it seems. “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again,” said the unlikely hero.

Protecting your business

So just what can you do to protect your business from this malware, and other pieces of malicious software that are doing the rounds?

Tom Gaffney, security advisor at cybersecurity firm F-Secure, said: “Organisations should make sure they have a properly configured firewall and have the latest Windows security updates installed, in particular MS17-010, to prevent spreading.”

He went on to say that, as a general rule of thumb, companies should always use a “robust” security solution, keep software up to date and limit the use of browser plugins.

“Don’t let your guard down with firewall hygiene – configurations from 2000 could have prevented this. Make sure to take regular back-ups, so that you can get up and running again quickly if you are attacked. And don’t open email attachments from someone you don’t know,” Gaffney added.

A spokesperson from cybersecurity solutions provider Bitdefender said companies should disable the ‘Server Message Block’ service on their computers if patching is impossible, then install the patch, update their software and make sure they have all Windows updates on their machines. Firms should then back up their data on offline hard drives. The spokesperson stressed that the ransomware can encrypt files on external drives such as a USB thumb drive, as well as any network or cloud file stores.
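The checks described above can be run from an elevated PowerShell session. The script below is an added example, not code from the article or from the vendors quoted; it assumes Windows 8.1 / Server 2012 R2 or later, targets SMBv1 specifically (an assumption based on the scope of MS17-010, since the article says only ‘Server Message Block’), and uses a hypothetical `-Disable` switch to apply the change.

```powershell
# Added example: audit SMBv1 and inbound TCP 445 exposure on one Windows host.
# Run elevated. -Disable is a hypothetical switch defined by this script only.
param([switch]$Disable)

# 1. Does the SMB server still accept SMBv1 connections?
$smb = Get-SmbServerConfiguration
"SMBv1 server enabled : $($smb.EnableSMB1Protocol)"

# 2. Is the SMBv1 optional feature still installed?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
           -ErrorAction SilentlyContinue
if ($feature) { "SMB1Protocol feature : $($feature.State)" }

# 3. Which enabled inbound allow rules open TCP 445 (the SMB port)?
$open445 = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '445'
    }
if ($open445) {
    "Inbound allow rules on TCP 445:"
    $open445 | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    "No enabled inbound allow rule names TCP 445 explicitly."
}

# 4. When was the most recent update installed? A date before March 2017
#    means MS17-010 cannot be present; a later date still needs checking
#    against the update list in Microsoft's bulletin for this Windows version.
$latest = Get-HotFix | Where-Object InstalledOn |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) { "Latest update        : $($latest.HotFixID) on $($latest.InstalledOn.ToString('yyyy-MM-dd'))" }

# 5. Optional mitigation for hosts that cannot be patched yet.
if ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feature -and $feature.State -eq 'Enabled') {
        # Removing the feature takes effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
    "SMBv1 disabled. Install the patch and re-run without -Disable to confirm."
}
```

Rules that allow all ports (`LocalPort` of `Any`) are not flagged by step 3 and need separate review.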

A Symantec blog post urged people to be extremely wary of any Microsoft Office email attachment that advises them to enable macros to view its content.

“Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email,” it explained.

Those already infected by the malware are advised not to pay the ransom, as there is no guarantee the cybercriminals will keep their side of the bargain; they could just demand further payment once an initial transfer has been made. Cybersecurity firms are looking for solutions, but unfortunately it could be the case that encrypted files cannot be retrieved. This whole shenanigans is essentially a stark reminder of the importance of maintaining good cybersecurity practices.
