Ransomware is a growing cyber security threat. Ransomware takes two forms - the first encrypts the files on a computer or network; the second locks a user's screen. Both types require the user to make a payment - the 'ransom' - to be able to use the computer normally again. Whilst the amount demanded is usually modest - the perpetrators profiting from the sheer scale of the attack - there is no guarantee that paying up will result in the release of the computer back to normal functioning.
Ransomware attacks are not targeted at organisations for their valuable, confidential data, but are lucrative criminal activities which bring widespread disruption to services and productivity for their victims.
As healthcare services across the UK recover from the recent WannaCry ransomware attack, the National Cyber Security Centre (NCSC) warns that a repeat ransomware attack of this type and on this scale is possible, although it has no specific evidence that one is imminent.
The NCSC says there can be no doubt, however, that ransomware attacks are among the most immediately damaging forms of cyber attack. It is also the case that there are a number of easy-to-implement defences against ransomware which considerably reduce both the risk of attack and the impact of a successful one. These simple steps to protect against ransomware could be applied more thoroughly by the public and by organisations.
There are three simple steps that can be taken:
* Keep your organisation's security software patches up-to-date
* Use proper antivirus software services
* Back up the data that most matters to you, because you can't be held to ransom for data you hold somewhere else.
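The third step only pays off if the backup can actually be restored, so a practical control is to record a checksum manifest of the live data and regularly verify the offline copy against it. The script below is an added example written for this page, not NCSC tooling; the directory layout, file names and the "tampered" file it creates are all constructed for the demonstration.

```python
"""Backup verification helper (added example, not NCSC's own tooling).

Builds a SHA-256 manifest of a source tree and checks that a backup
copy still matches it, so a restore can be trusted before ransomware
makes it necessary. All paths and sample files below are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(manifest: dict, backup_root: Path) -> dict:
    """Compare a backup tree against a manifest.

    Returns lists of files missing from the backup, files whose content
    no longer matches the manifest (e.g. overwritten or encrypted), and
    files present in the backup that the manifest never recorded.
    """
    missing, changed = [], []
    for rel, digest in manifest.items():
        target = backup_root / rel
        if not target.is_file():
            missing.append(rel)
        elif hash_file(target) != digest:
            changed.append(rel)
    recorded = set(manifest)
    extra = [
        str(p.relative_to(backup_root))
        for p in sorted(backup_root.rglob("*"))
        if p.is_file() and str(p.relative_to(backup_root)) not in recorded
    ]
    return {"missing": missing, "changed": changed, "extra": extra}


def demo() -> dict:
    """Constructed run: verify a good backup, then one with a damaged file."""
    with tempfile.TemporaryDirectory() as d:
        workdir = Path(d)
        src = workdir / "live"
        bak = workdir / "backup"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly figures\n")
        (src / "notes.txt").write_text("patch schedule\n")

        manifest = build_manifest(src)
        (workdir / "manifest.json").write_text(json.dumps(manifest, indent=2))

        # Take the backup copy (stand-in for copying to offline media).
        for rel in manifest:
            dest = bak / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes((src / rel).read_bytes())
        clean = verify_backup(manifest, bak)

        # Simulate a file in the backup being overwritten with junk.
        (bak / "notes.txt").write_bytes(b"\x00garbage")
        tampered = verify_backup(manifest, bak)
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest itself should be stored alongside the backup on media that is not writable from the network, otherwise anything that can encrypt the data can also rewrite the checksums it is compared against.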
Creighton Magid, a partner at the international law firm Dorsey & Whitney, is an expert in product liability who has worked extensively with the Consumer Product Safety Commission. He says while most media are focusing on the cyber security and data breach implications in this incident, there is a much more dangerous issue that needs to be addressed and it could endanger lives.
“The cyber-attack, using a ransomware bug known as WannaCry, appears to have used an NSA exploit known as 'Eternal Blue' that was disclosed on the web by Shadow Brokers. Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch.”
“Like the DDOS attack last October, this attack shows that interconnected devices and systems are vulnerable to attack by nations, non-state actors and just plain crooks.”
“Although much of the focus in cyber security is in preventing data breaches, this attack points to the potential for an entirely different type of damage: shutting down entire businesses, hospital systems, banks, and critical infrastructure. Let’s hope that the attack on the National Health Service in Britain is simply a matter of inconvenience, and that nobody is denied essential care.”
What to look out for
The NCSC advises that computers can become infected by ransomware via a number of routes. The most typical is a user being tricked into running a programme that appears to be legitimate, by opening an email attachment or following a link to a website; most users are cautioned against these ploys by being told not to open attachments or follow links sent from an unknown person, organisation or email address. More recently, ransomware has exploited unpatched vulnerabilities in computers, and simply visiting a malicious website may be enough to cause a problem, hence the importance of keeping software up-to-date. Less commonly, ransomware can spread when data is transferred between computers on USB memory sticks.
NCSC offers detailed guidance for any organisations seeking help or advice, or indeed willing to share their experiences from which others may be able to benefit. Go to www.ncsc.gov.uk/guidance.