Yesterday, 12 May 2017, saw a mass global cyber attack launched with impeccable timing just before the weekend. Over 75,000 machines were affected in around 100 countries – so far.
It is believed that a hacking group called Shadow Crew is behind the attack. This is the same group that hacked the CIA in the USA and a couple of months ago released hacking tools developed by that agency and the NSA.
The effect was for many businesses and government departments to be hit with Ransomware (which I’ll cover on here soon). This encrypts files, and the only way offered to get them back is to pay a ransom in a virtual currency called Bitcoin.
Once the ransom is paid the bad guys may or may not decrypt the files – there are no guarantees.
I said it was good timing because the Ransomware gives users 3 days to pay the fine. Many users will have started their weekend already (and in much of the Middle East the weekend is Friday and Saturday) so there’s a good chance that some users will not get to their devices in time and will have to pay – or trash their machines and rebuild them.
Many businesses and government agencies such as the NHS simply shut all systems down in order to prevent them being infected. This is one reason why the impact has been so huge.
No doubt the plan is that once the fix is known (for devices which are infected) then it will be applied to machines individually as they are restarted.
It’s also worth mentioning that at present this doesn’t look like any kind of data breach. Files have been encrypted so the data is inaccessible, but the data hasn’t been accessed or copied – as far as we can tell at the moment.
That’s what happened, so how do you protect yourself and your business? The answer is surprisingly straightforward.
- Install the MS-17-010 patch on all Microsoft Windows devices. This critical patch was released by Microsoft on 14 March this year, and the Ransomware takes advantage of a vulnerability which the patch fixes. If your machine has been set to apply updates automatically, then assuming you’ve rebooted your machine since the update was applied, you should be safe. If you don’t have automatic updates enabled, manually search for updates and install them now.
- If you’re on a network, make sure that your network administrators have disabled the SMB protocol on all devices that don’t need it. This is how the Ransomware spreads on an internal network.
- Make sure your antivirus software is up to date and running.
- Be extra careful when clicking on links you don’t recognise and on unsolicited documents.
- Make sure any devices you use for backing up your data are not physically connected to your computer – if they are, then chances are your backups could get infected too.
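The first two items in the list above can be checked (and, on machines that don’t need SMB for file sharing, fixed) from an elevated PowerShell prompt. The script below is an added example written for this post, not something the original article or Microsoft ship. It assumes Windows 8.1 / Server 2012 R2 or later, where `Get-SmbServerConfiguration` and the `NetSecurity` firewall cmdlets exist, and the default KB list is an assumption that covers only the Windows 7 / Server 2008 R2 updates from the MS17-010 bulletin; look up the KB that applies to each OS build you manage and pass it in with `-Ms17010Kbs`.

```powershell
<#
  Added example (not from the original post): audit a Windows host for the
  MS17-010 patch and the SMBv1 protocol, and optionally remediate.
  Assumptions: elevated PowerShell 4+ on Windows 8.1 / Server 2012 R2 or later.
  The default KB IDs are the Windows 7 / Server 2008 R2 entries from the
  MS17-010 bulletin; verify the right KB for every OS build you manage.
#>
param(
    [string[]]$Ms17010Kbs = @('KB4012212', 'KB4012215'),
    [switch]$Remediate   # settings are only changed when explicitly asked
)

function Test-Ms17010Installed {
    param([string[]]$KbIds)
    # Get-HotFix lists installed updates; HotFixID is in the form "KB1234567".
    $installed = Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID }
    return [bool]$installed
}

function Get-Smb1Enabled {
    # Server-side SMBv1 switch; this is the service a worm connects to on the LAN.
    return (Get-SmbServerConfiguration).EnableSMB1Protocol
}

function Test-PendingReboot {
    # Windows Update sets this key when an installed update still needs a reboot,
    # which is the "assuming you've rebooted" caveat from the list above.
    return Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
}

$report = [pscustomobject]@{
    Host           = $env:COMPUTERNAME
    Ms17010Present = Test-Ms17010Installed -KbIds $Ms17010Kbs
    PendingReboot  = Test-PendingReboot
    Smb1Enabled    = Get-Smb1Enabled
}
$report | Format-List

if (-not $report.Ms17010Present) {
    Write-Warning "MS17-010 not found in the installed hotfix list - run Windows Update now."
}
if ($report.PendingReboot) {
    Write-Warning "An update is waiting for a reboot; the fix is not active until you restart."
}

if ($Remediate) {
    if ($report.Smb1Enabled) {
        # Turn off SMBv1 on the server side. Only do this on hosts that do not
        # need SMBv1 for legacy file sharing or old printers.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 disabled."
    }
    # On workstations that serve no files at all, also drop unsolicited inbound
    # SMB from other hosts on the LAN. Do not apply this to file servers.
    $ruleName = 'Block inbound SMB 445 (hypothetical rule name)'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
        Write-Output "Inbound TCP/445 blocked."
    }
}
```

Run it without `-Remediate` first to get a report for each machine; the warnings it prints are exactly the two states the list above tells you to avoid (patch missing, or patch installed but not yet rebooted). Add `-Remediate` only on endpoints that don’t share files, since disabling SMBv1 and blocking port 445 will break legacy file sharing on a server that still relies on them.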
That’s all you need to do. It’s clear from this outbreak that the things I’ve been talking about – patching, antivirus, backups, phishing awareness etc – which are all simple things to do but often neglected, are all really good protection against even global attacks.
I’ll be releasing a podcast about this later today, so keep your eyes peeled for that!