Plan & Prevent: The Secret to Overcoming a Ransomware Attack

Last May, we watched in bewilderment as our already crippled NHS was dealt yet another blow — an unprecedented cyber attack was causing chaos and disruption in one in five NHS trusts across England, and we had barely heard the half of it. As the story continued to unfold, newscasters relayed that the attack had been a global phenomenon, quickly spreading to 150 countries and infecting over 230,000 computers.

The guilty party was a malicious program known as WannaCry, ransomware designed specifically to exploit an old Windows vulnerability in order to lock systems, encrypt files and demand $300 (£232) in exchange for a decryption key. While many were warned not to pay the ransom, as there was no guarantee of ever recovering one’s data, the cybercrooks reportedly earned £55,000 in more than 260 Bitcoin transactions.

With such alarming figures, it is not difficult to see why so many hackers have turned to ransomware as a convenient and lucrative form of criminal behaviour. Ironically, however, standard security procedures are also responsible for the increasing danger. Because IT specialists keep open databases listing all known recent threats, cybercriminals are able to use this information to target system weaknesses. To make matters worse, most companies fail to install security patches as soon as they become available, leaving the door wide open for further attacks.

This was seen in the immediate aftermath of the WannaCry debacle. Just as world leaders breathed a cautious sigh of relief and tried to make sense of what had happened, a similar but arguably more sophisticated act of aggression was launched against Eastern Europe. This time, it was Ukraine that took the brunt of it, reporting 80 percent of all so-called NotPetya infections. On the eve of the country’s Constitution Day, Ukrainian airports, businesses, banks and government departments were thrown into disarray, sparking concerns that the attack had been politically motivated.

In fact, the events bear a striking resemblance to 2008’s Russo-Georgian cyberattacks, leading many experts to cite Russia or even North Korea as the likely culprits. Nonetheless, while governments around the globe are still struggling to locate those responsible for the outbreaks, NotPetya and WannaCry serve as a true wake-up call for businesses that remain complacent in securing their systems.

Unfortunately, our current state of vulnerability to internet attacks is due in no small part to the mass shift to cloud computing. Though the cloud does present indisputable benefits, many companies have rashly done away with traditional IT positions — such as those of system administrators — opting instead to rely on on-demand staff who, by their very nature, are unable to provide the attention needed to guarantee cybersecurity.

In order to curb the ongoing threat, Software Planet Group believe it is important to acknowledge that attacks are likely to continue and will sometimes succeed. This means not only doing preventative work, but also ensuring that wise contingency plans are in place at all times.

An example of preventative work would be to make certain that all computers are running the newest versions of Windows, Mac or Linux and are equipped with trusted and up-to-date antivirus software. At the same time, businesses should ensure that their operating systems are kept regularly updated with the latest security patches. Because the most common way to become infected with ransomware is through phishing emails, it is also crucial to educate staff and employees never to download suspicious attachments such as .doc and .pdf files. The same goes for questionable online links, as these are increasingly rampant throughout the internet.

As for an appropriate contingency plan, the value of daily backups cannot be overstated. Had all NotPetya and WannaCry victims kept their files safely backed up, pulling through would have been as simple as reinstalling Windows and transferring data back to the computer. It is important to note, however, that ransomware can also spread to external hard and flash drives, so while these are efficient devices to restore systems, they should only be connected to computers when making data transfers.

Ransomware attacks are just one of many mechanisms cybercrooks can use to hamstring our public and private sectors, so no chances should ever be taken. This is why SPG advocate a Plan and Prevent approach to online security. In order to achieve a first-rate defence strategy, we believe all companies would also stand to benefit from a minimal number of trained IT administrative staff on site at all times. When faced with cyberwarfare, your best weapon is your own due diligence.

David Blackwood
