Many of you may have heard over the weekend of the latest WannaCry ransomware attack to hit a number of big organisations over recent days. According to the ABC news, nearly 100 countries have been hit by the “WannaCry” ransomware. In Britain, the healthcare system was thrown into chaos by the ransomware attack on the weekend. The Europol director Rob Wainwright said “The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations,”

“One Australian company appears to have been targeted by the attacks, with the possibility of more,” said Assistant Minister for cyber-security Dan Tehan.

Mr Tehan also said the attacks were on small- to medium-sized private sector businesses and that government departments had been told to ensure they were protected.

“The initial spread of the malware was through email, including fake invoices, job offers and other lures with a .zip file that initiates the WannaCry infection.  The worm-like Eternal Blue can exploit a flaw in the Server Message Block (SMB) in Microsoft Windows, which can allow remote code execution.  This flaw was patched in Microsoft’s March 2017 update cycle, but many organisations had not run the patch or were using unsupported legacy technology like XP.”

Source – Webroot Blog

So how can you protect your Business

There are no “one click, all safe” buttons in ensuring the safety of your Information and communications technology (ICT) systems. To help in the fight against malware and ransomware education of yourself and staff is key. Below is a couple of simple yet effective thing you can do to reduce the chances of infection.

Passwords!

All staff should have individual and complex passwords. Multiple users with the same passwords or weak passwords are vulnerable to brute force attacks. A Microsoft’s definition complex password can be found here, but basically, it should NOT resemble your username or display name and should contain 3 of the 4 below.

  • Uppercase character
  • Lowercase character
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: such as  [email protected]#$%^&*_-+=`|\(){}[]:;”‘<>,.?/

If you are struggling to think of a password you can always try a password generator like LastPass – https://lastpass.com/generatepassword.php

Updates

For this particular attack, Microsoft have provided a “Customer Guidance for WannaCrypt attacks” so please ensure that your Managed Service Provider (MSP) / I.T. Company has run all the required Microsoft updates on your ICT infrastructure,

This attack has shown the importance from business to ensure that they are running supported, and up-to-date versions of Operating systems and Software.

The team at ONGC have been working many of our customers to ensure the latest updates that resolve the vulnerability are installed.  Please talk to your I.T. Support team or IT Solutions Brisbane to ensure that your system is up-to-date and determine an end-of-life plan for all out-of-date or near to out-of-date technologies.

Email Awareness

As pointed to above, the initial spread of the malware was through email, including fake invoices, job offers and other lures with a .zip file that initiates the infection.

6 thing you can do to help reduce the likelihood that you will open an email or attachment with an infection are:

  1. Check that the from email address is coming from the correct email address. Be aware that the email might be sent from falsified or ‘spoofed’ email addresses.
  2. Scammers will make every attempt to make the email look legitimate. This makes is very had to know the difference at times. If unsure, directly contact the company that the email is from.
  3. The body of the email may contain spelling mistakes and poor grammar.
  4. Often there will be a sense of Urgency or Threat to the email to trick you into action.
  5. ALWAYS check links in emails before clicking them. Hover over the link on your with your mouse before clicking on them. For mobile devices, you can ‘tap and hold’ the links.
    Tip: To check a shortened link try http://unshorten.it/ as recommended by https://www.cnet.com/
  6. NEVER open or download anything unless you are 100% sure it is from a safe source. Some of the most common download extension used to spread ransomware are; .docx, .zip and .exe

For more information please read our Post – 6 steps to stay safe these holidays

Antivirus (AV) Software

AV Software is often seen to be the be all and end all of protection. This is just not the case, however, it is a vital part of a strong endpoint control strategy. Ensure that all devices on you ICT network have some sort of AV software installed, preferably keep the software standard across the board and use an AV solution that is centrally managed so you can see easily see which devices on your network are out of date or are potentially infected and take action accordingly

Backups and Disaster recovery (BUDR)

The importance of having a BUDR plan should not be understated. This will not only give you piece of mind that your data is safe but will also save you time and money if you need to recover your systems after an attack. You might even need to consider taking you BUDR plan to the next level and look at business continuity. The reason being while more servers are being backed up in business, how much important data is being saved on local computers and will the loss of this data affect your business.

For more information please read our Post – How much downtime could your business afford?

Lastly, we have created an email template you can copy, update and send onto your staff to help in the fight against ransomware.

Email Template to send to staff:


Hi,

This alert is to advise employees about a global cyber security threat and what you can do to assist both [YOUR BUSINESS NAME], and also you and your family, protect themselves.

There are widespread reports of an emerging ransomware campaign that is interfering with many computers and networks around the world. Ransomware is a type of malicious software that handicaps computer functionality and makes data unavailable but then offers to restore the functionality and data for a fee, which is a form of extortion. Interruptions to ICT-based services have been experienced across Europe and United Kingdom as a result of this ransomware. This threat is not limited to business systems and can also impact your own personal/home computers.

While no reports of adverse impact to [YOUR BUSINESS NAME] ICT infrastructure have been received. We have advised that our I.T. Service provider [SERVICE PROVIDERS NAME] and they continue to monitor developments relating to this threat and have confirmed all relevant updates (‘patches’) are applied to our server and desktop fleet. In addition, configurations in our network minimise the opportunity for this threat to enter or spread across our network. It’s important that all employees remain vigilant about their interactions with suspicious emails, especially those with attachments, to help impede the malware’s ability to spread to other computers/networks.

Please also note the following general recommendations:

  • Make sure you have a reasonably complex password as basic password are more vulnerable to brute force attacks.
  • Do not open emails that you don’t recognise, especially if there are attachments.
  • Consider using a reputable security software product on your personal computing device. If you use such software, run a full scan of your computer regularly, or configure the scanning to occur automatically.
  • Only visit reputable websites and online services.
  • Recovery of systems that have been infected with ransomware is almost impossible without reliable backups. Backup your data regularly to a secure and separate storage location.
  • You can reduce the likelihood of falling victim to ransomware, and many other forms of malware, if you ensure that the software on your personal computing devices automatically applies the latest updates and patches as soon as they are available. This automatic software update features can be activated on your device to make this task simple.

While there have been reports that data can be recovered if the ransom is paid, this cannot be guaranteed as the perpetrators of the extortion are criminals. Furthermore, the criminals may simply encrypt your files again, and increase the ransom. For this reason, responding to extortion threats is not recommended.

Thank you for your support in this matter and if you have any questions please let me know.

Kind Regards,

If you have any further concerns and question please let us know and one of our team will be only too happy to help

Ben Smith works as the Digital Manager at ONGC. Please feel free to Contact him with any questions.