Haul out the tissues, there’s more than one eye-watering security challenge on the horizon.
In May 2017, 100,000-200,000 computers in 99 countries around the world were infected by a ransomware known as WannaCry. This nasty little trail of code entered into organisations using email and infected attachments. Once an unsuspecting person opened the attachment, the ransomware would install itself and spread across the network, locking files and preventing access to essential information. It climbed inside the NHS in the UK, Telefonica in Spain, Renault in France, Deutsche Bahn in Germany, FedEx in the USA, Nissan in England, Hitachi in Japan, Russian Central Bank, Indian Police in the Andhra Pradesh state, and the Bank of China. And that list is only scratching the surface of companies affected by the attack.
WannaCry encrypted computers and demanded that those infected pay a US$ 300 ransom to get their files unlocked. The problem was that there was no way to confirm that payment would see them unlock the files. It was also an unlikely possibility thanks to the high levels of attention the ransomware received, and the fact that unlocking the files requires a physical presence. It is doubtful that the hackers make house calls and, by the time of writing, few companies had paid up. What makes the ransomware even more malicious is that the amount went up every week that payment wasn’t made. It seems that this was a risk that most infected companies were willing to take.
The ransomware itself spread thanks to flaws in older versions of Windows – Windows 7 being the biggest culprit. These flaws had been used by the NSA to hack into PCs before being made public by the Shadow Brokers in April. Many of the machines attacked were vulnerable as they hadn’t applied the latest Windows updates. What makes this even more of a concern, is that many organisations continue to use Windows XP even after this attack and the risks it presents.
Microsoft has decided to provide public patches for older Windows operating systems that are in custom support, something the company normally doesn’t do. The patches will include specific fixes for Windows XP, Windows 8, and Windows Server 2003. For anyone interested in avoiding the disaster that’s struck other businesses and individuals, downloading and installing these patches is essential.
First Technology recommends that all computer users consider the following advice when it comes to security so they’re not the ones hauling out the tissues when the next outbreak occurs. And yes, it is when, not if, the next outbreak occurs.
Turn on automatic updates and ensure all software, including anti-virus software and your operating system are patched and updated.
Ensure you’re running, or plan to move to, the most recent version of your operating system of choice, such as Windows 10 or MacOS 10.12.
Backup your files regularly and keep at least one backup offline.
Take care with your email and don’t open unexpected attachments or click on links in emails. Check first, make sure it is safe, don’t start a security tsunami.
Until next time, thank you for your continued support of First Technology.
Johan de Villiers Managing Director