High profile ransomware attacks on the NHS

As you will have no doubt seen over the course of the weekend there have been a number of high profile ransomware attacks on the NHS along with various other types of organisations and businesses. This is not a new threat and several customers have experienced this form of attack in the last 12 months, fortunately having a good backup strategy in place recovered their data with minimum loss, but recovery time can be lengthy and cost the business in terms of time lost, so we want to help prevent this wherever possible.

Monday 15 May 2017

As you will have no doubt seen over the course of the weekend there have been a number of high profile ransomware attacks on the NHS along with various other types of organisations and businesses.

This is not a new threat and several customers have experienced this form of attack in the last 12 months, fortunately having a good backup strategy in place recovered their data with minimum loss, but recovery time can be lengthy and cost the business in terms of time lost, so we want to help prevent this wherever possible.

Every time it has happened, the cause has been someone in the organisation opening an email and then either opening an attachment or clicking on a link within the email because they thought it was a legitimate or were curious as to its content.

So, what can we do to prevent it? Technology can only do so much, there are additional antivirus and mail scanning services from Office 365 and others which can help but none of these are a silver bullet 100% guarantee, they just reduce the risk.

The best defence against this form of attack is a combination of technology and more importantly staff awareness; for example:

Opening the email itself won’t infect you, but clicking on links within the email or opening attachments will, so if you see an email like that always take a moment to determine if the sender is known and if you are expecting attachments from them;
Viruses can sometimes appear to come from friends/contacts you know but these are usually spoofed emails, the name description says the email is from Uncle Bob but the email address itself looks nothing like it his legitimate email address. If that happens delete it and report the incident straight away.
If you didn’t order something don’t open the invoice from a supplier you’ve never dealt with before claiming that you have;
If DHL are emailing you about an undelivered package and you are not expecting a delivery then don’t click on any attachment or link; and
Banks, Microsoft or Google don’t ask for account details or ask you to login to systems, they don’t need to, so don’t do what the email asks.

In short, if you are not expecting that email, then always question it and don’t blindly do what it asks and just delete it. If it happens to be legitimate don’t worry someone will make contact in some other way and you can then verify the legitimacy of the contact at that stage.

Monday 15 May 2017