In the past couple of months, the world has seen two of the most devastating and wide-spread cyber-attacks in history. The first attack, using a popular variant of the WannaCry ransomware, struck in May 2017, crippling the NHS and other critical systems across the UK. Just a month after, a second and separate attack hit, this time based off the GoldenEye ransomware. This attack infected over a dozen countries, including critical systems in Ukraine, Russia and businesses within the UK. So, with the threat of ransomware attacks at an all-time high, how can you protect your business?
Assessing recent ransomware attacks
The two recent large-scale attacks appear to have both been exploiting a similar vulnerability, which is present in outdated versions of Microsoft’s Windows operating systems. The now unsupported systems, of which the most popular is Windows XP, are no longer receiving updates from Microsoft, meaning that where up-to-date and supported operating systems will be patched to resolve any vulnerabilities, if you are using an older OS, you will not receive these updates and you could be leaving yourself open to attack.
These recent attacks are both variants of the ransomware form of malware, which encrypts the data on a user’s machine, demanding a payment be sent to a bitcoin account in order to receive the decryption key. The main problem or danger with this however, is that you cannot guarantee the safe return of your data, even if payment is sent. For this reason, experts recommend that you do not pay, especially as security companies will quickly lock the account, so the individual or group behind the attack cannot confirm receipt of the payment, so you will not receive the decryption key.
Recovering from an attack
So, what do you do if you’ve been infected? If your business has been breached, you will need to notify your local data protection agency or government representative, as well as notifying anyone associated with the business that could potentially be put at risk as a result of the attack. If you have backups of all your critical data, recovery should not be too difficult, although we recommend bringing in the experts to help you get set up quickly and prevent this happening again in the future.
If you do not have any backups of your critical data, or if your backups have also been encrypted, getting back on your feet could be a challenging process. Talk to a decryption expert, and see if there are able to recover any sensitive documents, and create a plan of the data that has been lost and the different accounts or records that may have been compromised as a result. This will help investigations into the cause and effect of the attack, as well as helping you rebuild.
Preventing future attacks
If you haven’t been hit, it’s important that you take every step possible to prevent yourself from becoming a target to hackers, and to make sure your staff is able to identify and prevent potential threats before they become a problem. To do this, you should create a plan for training your staff on spotting suspicious links or attachments in emails, browsing the internet and downloading safely and what to do if they suspect a breach.
You should also take steps to protect your computers and network systems from breaches, ensuring that all systems have an up-to-date antivirus installed and that you have a procedure in place for the regular updating of all software and hardware. This will help prevent against any vulnerabilities caused by out-of-date or unsupported systems.
Consult with the experts
When dealing with such wide-spread and damaging attacks like those that we have seen recently, you cannot afford to take risks with your cyber-security. That is why the best option is often to bring in a cyber-security expert consultancy, who will be able to draft up a bespoke plan for your business, covering the management of software and hardware updates and putting a plan in place for the education and protection of individual staff and users.
Servnet UK Ltd make use of a dedicated security service partner, allowing us to deliver effectively managed and proactive cyber-security measures, which is constantly evolving in response to developments in technology and ensuring you are protected against the threats that your business faces every day. To find out more about how you can protect your business, speak to a member of our security team today on 0845 075 5566.