Cyber crime – computer virus infections created for the specific purpose of extorting money has finally, and unfortunately made front page news – infecting NHS computers and other organisations.
I’m not alone in asking the question how did this happen? The simple, non-specific answer is computer security not being up to scratch and chance. And the human factor too.
Computer security is:
- Keeping your operating system software, i.e. Windows, up-to-date.
- Keeping known vulnerable software disabled, i.e. Flash player.
- Keeping other programs used, i.e. web browsers – Microsoft Edge, Internet Explorer, Google Chrome up-to-date.
- Using anti-virus and anti-malware software that is current and reviewing scans.
Chance is getting sent the infected email, visiting an infected web page etc.
The human factor is clicking on that something.
Sound advice to mitigate infections are:
- Ensure Windows updates are being applied.
- Don’t open emails and/or click on attachments where you don’t know the sender or your inner voice questions the email’s validity.
- Run daily backups against any files, documents, photos that you can’t afford to lose. Hold the backups offsite – continuously connected USB drives would also be infected if they are plugged in when a virus hits.
- Ensure that you have cyber security (anti-virus & anti-malware) software that is fit for you – free is good, professional versions are better. Install it on your PCs, Servers, mobiles and tablets too.
- Run a risk assessment and devise a disaster recovery plan.
Edit: The dust has settled a little and more facts are now available:
- The flaw was originally discovered by the US National Security Agency (NSA)
- Hackers, identified as the Shadow Brokers, stole this vulnerability from the NSA and released it in the wild for others to use and deploy their ransomware attacks
- Microsoft issued two consecutive patches for the malware, one in March, and another one on Friday 12th May 2017
- As many as 200,000 computers got infected in 3 days – users who failed to install the critical patches were vulnerable
- The malware has the ability to spread across networks, automatically
- The malware threatens to delete your files within seven days if no payment is made ($300 worth of bitcoins)
- It wasn’t just the NHS that was affected, other organizations across the globe, including FedEx, Telefónica etc. were also infected
- A security researcher who wished to remain anonymous became an “accidental hero” after halting the spread of the malware by registering a domain name to track it
- Europol chief Rob Wainwright said the attack had been reported in 150 countries, calling it “unprecedented in scale”
There are many resources to help in the fight to keep your digital life secure. On such resource is the educational and entertaining podcast, Smashing Security, by security expert Graham Cluley. The podcasts have a little geekiness about them, however there’s plenty of straight facts and humour too. In one of the podcast episodes, Graham and his guests discuss WannaCry – who’s to blame.
Just like your GP, we’re here to help you with your (computer) health so please contact us.