On Friday, we learnt that the NHS had fallen victim to a ransomware attack, which within a few hours had caused havoc for computer networks not just within the NHS, but for both home and work PC users across multiple countries.

The ransomware responsible for the attack is named ‘WannaCry’ and it certainly will make you want to cry if you are unfortunate enough to be affected by it. At the moment, WannaCry has hit over 200,000 systems in 150 Countries, according to Europol. The worrying part is there’s 196 countries in the world- meaning this virus has managed to spread virtually worldwide in a matter of just 3 days. This highlights the sheer impact that a virus can have on computer networks.

An Expert Opinion

Joe-Burns-cyber-security-expertOur Group Technical Director, and Cyber Security expert, Joe Burns, was interviewed by BBC Radio Nottingham and Gem 106 to discuss the matter. He explained that ransomware attacks like this are able to spread so freely and quickly as a result of people either not patching over vulnerabilities, which can be done by installing the most recent updates, or by working on unsupported operating systems.

Currently, Windows XP, Windows Vista and Windows Server 2003 are unsupported by Microsoft, meaning that new vulnerabilities cannot be patched, putting users at risk.  Windows Vista became unsupported in April this year, however, in March Microsoft released a patch for Vista that if installed, would have protected users from the ransomware.

To deal with the sheer amount of people running on old operating systems that were affected by WannaCry, Microsoft had to make an update that could patch over the security flaws. He points out that Windows 10 and Windows Server 2016 are significantly more secure than any of their predecessors.

Joe also used an analogy to explain how ransomware works;

“It’s a bit like everyone having a flowerpot outside their house, with a key to the property underneath the flowerpot which was placed there by the builder. The homeowners don’t actually know it is there and only the builder and a select few people know that it exists at all.

The key allows someone to enter the property and snoop around without detection, as the person has not had to forcefully break in. However, the problem occurs because someone has broadcasted to the world that this key exists under everyone’s flowerpots, so now a lot of people know about it, meaning that many criminals will take advantage of this and start entering people’s homes, gathering precious possessions (your files) and storing them in a safe that only they know the code for, they will give you the code, if you hand over the money (how ransomware works).

The way to fix it, is simply removing the key from under the flowerpot (the vulnerability) by installing updates and patching over vulnerabilities on your network.”


Preventative Measures for Ransomware Attack

Joe explains that these six steps are crucial in ensuring protection against attacks of this kind:

  1. Most importantly, running on supported operating systems and installing updates is the most crucial step anyone can take in avoiding cyber attacks, this patches over vulnerabilities in old versions of operating systems.
  2. Disable Server Message Block (SMB) Version 1- this measure is specific to this situation
  3. Don’t open emails from unknown senders and be cautious of opening emails even from known senders, especially if they contain attachments which you were not expecting to receive.
  4. Disable RDP ports
  5. Install IDS (Intrusion Detection System) so you can be alerted if there is suspicious activity on your network, giving you more time to mitigate the threat.
  6. Invest in cyber security training that raises awareness in the workplace of cyber threats and what to look out for, stressing that every employee is responsible for keeping the computer network safe.

You can listen to Joe’s interview below:

Joe Burns is Group Technology Director of the Townley Group, which includes Pyranet UK who are a Cyber Essentials Plus certified company, with a team of cyber security specialists.

Talk to Townley today on 0370 777 7970 or visit our website if you are concerned about vulnerabilities and ransomware, we are always happy to help.