If you’ve been reading the news in recent months, you will have likely heard about the notable cyber-attack that affected the NHS. The program, which infected an estimated 70,000 devices in the NHS is known as WannaCry. It wasn’t just computers that were affected either, other items included:
• Blood-storage refrigerators
• MRI scanners,
• Theatre equipment
The instigators of WannaCry targeted businesses with a cyber security gap in outdated Microsoft Windows systems. Even though Microsoft released a security update, not all users thought to install it. This lapse in security allowed WannaCry to spread rapidly, infecting over 230,000 computers worldwide.
How does the WannaCry virus work?
It takes only one computer or electronic device in a network to be infected. The WannaCry program can then spread to all other devices connected to the network within a matter of seconds. Like most ransomware, users are locked out of their computers until a sum of money is paid. Payment demands start out relatively low at £230, but doubles if no payment is made within three days. Then files are threatened with deletion if payment is still not received after this time.
New Goldeneye virus
It very rarely stays quiet for long in the arena of cyber threats. Since WannaCry caused havoc, a new virus the Petya virus or a variation known as GoldenEye has emerged. It targeted major government agencies and operations in the Ukraine and Russia, as well as a number of companies throughout Europe and the US. The sectors affected include financial services, transportation, energy, manufacturing, and professional services, as well as others. In numerous cases, the attack led to businesses being unable to operate due to significant interruption.
Review your cyber security
It’s always difficult to know the best way to respond when faced with this kind of threat. Whilst the temptation just to pay a ransom is probably strong, some experts recommend not paying the demand. There is no guarantee you will get your data back. To try and avoid the threat it’s wise to take some cautionary action:
• Run all Windows updates and turn on any auto-updaters
• Be sure to update your network security
• Back up all documents regularly onto a separate drive.
• Provide your employees with cyber security training. Include how to recognise a cyber-attack, and phishing email scams. Your employees can often be your greatest vulnerability. By providing better training you stand a greater chance against attacks.
• Look into which anti-virus, as well as anti-malware software is best for your organisation. Waste no time installing it on all of your organisation’s computers or software.
• Review your cyber insurance cover to check your levels of protection. Remember you will want to consider protecting both your company reputation and finances.
Assuming you have a cyber insurance policy in place, then if your business has been affected by a cyberattack, you need to act swiftly. In order to contain the outbreak be sure to collect information needed to make a claim by:
• Notifying your broker of the incident and discussing the cover in place. And look to access any breach support and recovery services available under your policy.
• Ensure you preserve information and document the timeline of the incident and recovery efforts, which you may need later during a claim.
Source: Zywave: Newsbrief: Aftermath of Wannacry Ransomware yet to be Seen
By: Alison Henderson