Become aware, don’t pull out your hair, show your staff you care and combat Ransomware

Cyber Hacks are nothing new – Technology firms have cried out for safer IT security since the Internet was born, but the latest NHS Digital attacks from Ransomware have raised the flag even higher over the past few days.

What has happened?

On Friday 12th May 2017, a Global Cybercrime took place. Hackers created a computer virus that threatened to delete the user’s files unless a ransom was paid. This type of cybercrime is called Ransomware. 1 in 5 hospitals in the UK were affected, whilst over 150 countries worldwide reported the same attack
Although we have been aware of ransomware since 2015, a number of public and private sector businesses are still under threat due to outdated and unsecured server systems.

What shall I do?

99% of hackers target computers via spam emails that have hidden code and feature the virus that can encrypt and lock your computer if opened. The idea is to stay vigilant and get all staff to understand the key threats:

• If you’re not expecting an email and don’t know the sender, be extremely wary and don’t double click any attachments if you don’t need to
• If something that’s supposed to be “official” (and email or web page) has grammatical errors or seems in any way not quite professional, don’t touch it
• If the sender’s email domain doesn’t look quite right (the domain isn’t one you know – such as academiastuff.com – or if it has latin letters replaced with similar looking Cyrillic or other characters – such as acɒdemia), don’t trust it
• If in doubt, check with the sender – nobody is going to be annoyed with you double checking the origin of an email
• Wherever possible, utilise systems that don’t store files locally (e.g. Office365/OneDrive/Sharepoint online only – not using the desktop sync agents – or apps such as Foldr which take network shared drives and put them in a browser so your machine doesn’t look at the share directly)

Ultimately, ransomware cannot get to files that you only access via a browser to encrypt them. Therefore, worst case if you do become infected, you just wipe your machine and don’t lose any data.

It is essential that all your systems have the latest security patches installed and that backups are regularly taken. Consult your head of IT or your service operator if in doubt. More information about a previous fix from Microsoft can be found here: TechNet

What is the Future?

Unfortunately, the future is difficult to predict. The ever changing technology landscape will of course increase risk, but the advance in security and heightened awareness of what to look out for should hopefully minimise the cyber criminal’s activity.