Ransomware, also known as WannaCry/WannaCrypt0r recently hit worldwide with one of the biggest attacks in cybersecurity history. It struck the NHS (National Health Service) in Britain, affecting 40 hospitals to the extent that appointments had to be cancelled, surgeries postponed, essentially affecting many lives. It has affected many companies worldwide and has since spread to South Africa.
The initial strain exploited vulnerabilities in pre Windows 10 operating systems, however newer more advanced strains are likely to target Windows 10 in due course.
What is the Ransomware virus?
It is a virus/worm capable of spreading rapidly from machine to machine making use of a vulnerability in Windows operating systems.
It spreads via Word, PDF and other attachments sent via email. Once the email attachment is opened, the ransomware will contact the central server for the information it needs and start encrypting the data. A payment for the decryption of data is then demanded.
What can you do to protect your company and private data from attack?
As stated above, Ransomware spreads mainly via email and thus one must be vigilant when opening email attachments. Check, double-check and triple check any and all emails before opening any attachments. If the email looks suspicious, contact your internal IT department for advice or delete it. Report the email to your company’s IT Department immediately and allow them to communicate it to the organisation as a whole. This can aid in curbing the spread of this virus.
What can your company do to protect itself from attack?
- Ensure that your company has a reliable backup system in place and that your data is recoverable. Perform regular disaster recovery tests to confirm this. Ensure that backups are stored offsite or are not susceptible to any form of attack.
- Patch Management: Ensure that your organisation deploys the latest critical and security patches regularly. This is one of the most proactive and vital approaches.
- Ensure that your company and or computer systems have a reputable anti-virus program.
- Train your employees on a regular basis, keeping awareness up and ensuring that their knowledge is up to date and that the implications of certain actions are realised.
- Ensure that you have some form of “Targeted Threat Protection” or “email attachment scanning” on your email gateways. Scan attachments and URL website links.
- Communication in these scenarios is key. If you notice any suspicious activity, report it immediately to your IT Department.
If you would like any assistance in assessing your cybersecurity risk or implementation of these proactive measures to aid against future attacks please do not hesitate to contact RSM South Africa.
Richard Curtis
Senior Manager | IT Consulting, Johannesburg