Understanding the steps you can take against Ransomware
The Cyber Attack on Friday 12th May against the NHS in the UK and many other large and small organisations across over 150 countries is believed to have been an indiscriminate attack. The organisations known to have suffered are not likely to be the last and it is feared that as the working week starts again on Monday, many more attacks will be discovered.
The attack appears to have exploited a vulnerability in the Microsoft Windows operating systems for which a patch was issued a few weeks ago. However, many organisations do not update their software quickly enough to prevent such exploits from becoming succesful. Furthermore, there are still many organisations using unsupported versions of Windows operating systems such as Windows XP and Server 2003 - these systems should be isolated from the Internet if still in use at the very least.
Steps you should take: -
- Make sure all systems have up to date operating systems by running Windows Update. In particular, an update MS17-010 from Microsoft that specifically relates to the vulnerability exploited. (Cyber Essentials requirement).
- Set updates to be automatically deployed or installed within 14 days. (Cyber Essentials requirement).
- Check the settings for your Anti-malware (anti-virus) software is also up to date and set to update daily. (Cyber Essentials requirement).
- Check that the Anti-malware is also set to scan all files when being accessed. (Cyber Essentials requirement).
- Check that the backup routine has worked and is backing up all data.
As you can see from the above list 4 of the steps are requirements when adopting the Cyber Essentials security standard - this should be a further step you should consider. See this link for more information - www.cyberstrategies.co.uk/cyber-essentials
If you are concerned about the security of your systems, please email firstname.lastname@example.org and we will contact you as quickly as possible.