In May 2017, an ominous message greeted workers in the UK’s National Health Service (NHS): “Oops, your files have been encrypted!”
This is how malware known variously as WannaCry, WannaCrypt or WannaCryptor 2.0 announced itself to the wider world. With systems locked and critical files encrypted, doctors' offices had to close and hospitals turned patients away from essential treatments.
How did this happen? Some security experts suggested that an NHS user clicked a link or opened a file they shouldn't have. Others pointed to the NHS's estate of antiquated hardware and unsupported software as the main factor that let WannaCry spread so far, so fast.
Distributing ransomware isn't hard; it is easy and cheap to spread. WannaCry and its related variants went a step further: once inside a network, they behaved like a worm, scanning for other reachable machines and infecting them through a flaw in Windows file sharing that Microsoft had already patched, with no user interaction required on the victim's side. Every unpatched, connected system was a fresh target.
The victim then has a powerful incentive to pay up, and if they don't, the criminals have lost almost nothing, because their investment was minimal to begin with.
Hospitals and other organizations in the healthcare sector are attractive targets, specifically because of the:
Aging hardware, software and security systems that they often run, much of it no longer receiving security updates.
Misconfigured systems, in particular security software that is easy to bypass or has been switched off to keep legacy applications working.
Valuable data they hold, including sensitive patient health records and personal information, and the fact that they cannot afford to be without it for long.
Cybersecurity experts advise against paying a ransom to the attackers.
In the first instance, there is no guarantee you will regain access to your encrypted files: the criminals may never send a key, or the decryption tool may simply not work. A US study found that 70 percent of affected organizations paid a ransom, but doing so only funds and encourages the criminals to continue, and an organization known to pay could be targeted again.
Like any infection, prevention is better than cure, especially when it comes to the security of your network. Even with a tight budget, a skeleton IT staff and minimal cybersecurity expertise, you don't necessarily have to spend big to keep your network free of malware like WannaCry.
Your users should be the first line of defense. If employees don't know what to look for, how can you hope to remain malware free? As a matter of priority, you need to:
Train your staff so they know how to identify phishing emails, which are the usual delivery route for ransomware.
Ensure your organization is running supported software with the latest security patches applied; WannaCry only spread through machines that had not installed an update already available at the time.
Regularly back up your systems to physical media and the cloud, keep at least one copy offline or otherwise disconnected from the network (ransomware encrypts any backup it can reach), and test that you can actually restore from it.
Have a clear email security protocol that discourages users from clicking on suspicious links or opening unexpected attachments, and tells them whom to report such emails to.
If a computer is infected, disconnect it from the network immediately (unplug the cable or disable Wi-Fi) and alert all staff, so that a worm like WannaCry cannot use it as a springboard to other machines.
Replace hardware that can no longer run supported, patchable software; an unpatchable machine on the network is a permanent open door.
Ransomware is constantly evolving, so the goal is to mitigate the threat so that your networks, data and reputation aren't compromised.
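As an added example, not from the original article: a small Python script that records a SHA-256 manifest of a backup set when it is taken and later checks a restored copy against that manifest, so a backup that was itself encrypted or silently corrupted is caught during a restore test rather than on the day you need it. The "patient record" files, the `.locked` extension and the `DECRYPT_ME.txt` note are constructed placeholders for the demonstration, not anything specific to WannaCry.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read files in 1 MiB chunks so large backups do not need to fit in memory


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of one file, streamed in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root, keyed by its path relative to root.

    Run this when the backup is taken and store the result with the offline copy,
    not on the network share: ransomware that can reach the share can alter both
    the data and a manifest kept beside it.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restore_root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest recorded at backup time.

    The report lists files whose content changed (a backup that was encrypted in
    place or corrupted), files missing from the restore (typically renamed with a
    ransomware extension), and files present that the manifest never recorded
    (renamed originals and ransom notes).
    """
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        p = restore_root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["modified"].append(rel)
    for p in restore_root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(restore_root).as_posix()
            if rel not in manifest:
                report["unexpected"].append(rel)
    return {k: sorted(v) for k, v in report.items()}


def restore_is_clean(report: dict) -> bool:
    """True only when the restored tree matches the manifest exactly."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def run_demo() -> tuple:
    """Constructed sample: a tiny record tree is backed up, restored intact once,
    and restored once from a copy that a simulated infection has damaged.
    Returns (report_for_good_restore, report_for_bad_restore)."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "records"
        (src / "2017").mkdir(parents=True)
        (src / "2017" / "patient-001.txt").write_text("constructed sample record\n")
        (src / "readme.txt").write_text("constructed sample\n")
        manifest = build_manifest(src)  # taken at backup time

        good = work / "restore-good"
        shutil.copytree(src, good)
        good_report = verify_restore(good, manifest)

        bad = work / "restore-bad"
        shutil.copytree(src, bad)
        # Simulated ransomware: one file overwritten with random bytes and renamed
        # with a placeholder extension, one file encrypted in place, plus a note.
        victim = bad / "2017" / "patient-001.txt"
        victim.write_bytes(os.urandom(64))
        victim.rename(victim.with_name("patient-001.txt.locked"))
        (bad / "readme.txt").write_bytes(os.urandom(64))
        (bad / "DECRYPT_ME.txt").write_text("constructed placeholder ransom note\n")
        bad_report = verify_restore(bad, manifest)
        return good_report, bad_report
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    good, bad = run_demo()
    print("intact restore clean:", restore_is_clean(good))
    print("damaged restore report:", bad)
```

Schedule `verify_restore` against a real test restore, not against the live backup target, and treat any entry in `modified` or `missing` as an incident signal: a backup that already differs from its manifest is one you cannot rely on after an infection.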