On Friday a coordinated ransomware attack was launched globally to target a known security flaw in various Microsoft operating systems (i.e. Windows 7). An infected machine would have its documents and other files encrypted and/or the workstation locked completely. The attacker would then demand a “ransom” to reverse the process.
This type of attack is not new but the scale and coordination of Friday’s event is. Given the disruption and possible data loss this type of attack can generate we have gathered some advice for our clients to help mitigate getting the virus.
How do you get it?
Generally a business will be infected by an initial email being delivered to someone within the company. This email will either have an attachment containing the virus or contain a link which will direct the user to a website containing the virus. Once this users workstation is infected it can spread through the entire business network very quickly by using known security flaws within Microsoft’s Windows operating system. The end result is that your data is encrypted on compromised workstations/servers and you must either pay a “ransom” fee or recover from a backup.
While the above situation is the most common delivery method other situations can result in your environment being compromised, one such example is an employee bringing a home device into the office which is already infected.
How can I stop it from happening?
There is no silver bullet for stopping this type of attack but there are several steps you can take to mitigate the risk.
- Ensure all Windows workstations, laptops and servers have recent security patches applied and are then kept current (this is the most critical advise we can give for this particular threat)
- Educate users that email attachments and websites can contain viruses. The following points apply:
- It is common for users to access their personal email accounts from work devices, these emails present an equal or greater risk to the company and we have seen instances where this virus has been delivered into a business via personal accounts
- Common sense is key. Read all emails completely before opening any attachments or following a web link. Does the language seem correct? Is the context of the email sensible? Have they used an email signature and if so does it relate to a New Zealand company? The vast majority of emails delivering threats like this contain clear markers that point to it being a fake. If there is any doubt delete it or close the browser window.
- Don’t open a “ZIP” attachment unless the above applies, you know the sender and the context of sending you a ZIP archive makes sense. Be especially cautious of this type of attachment
- An antivirus can assist with stopping the virus if you do accidentally launch it but you shouldn’t rely on this. Be sure to use a robust product as its the last line of defense and it is kept up to date
- Backup. In the unlikely event your business is hit by this attack you will most likely want to recover from a backup. Be sure your data is backed up and available if needed.
For our managed IT clients we have forced out the required Windows security updates which mitigates this attack and will be proactively monitoring. If you have any questions or concerns regarding this specific attack please feel free to contact our office on 0800-942-002 or [email protected].