Since the news broke on Friday of a huge ransomware attack, which has claimed the National Health Service as one of its highest profile victims, various accounts of this story have been circulating in the media.
The variant, which has reportedly affected over 40 NHS Trusts in England as well as some NHS bodies in Scotland, goes by the name of WannaCryptor (also known as WanaCrypt or Wcry).
What do we know so far?
- Ransomware is malicious code that, when executed, attempts to encrypt all files it can see on a network, rendering them inaccessible to users. Users are then promise that these files will be unlocked (or decrypted) if a ransom is paid. Unfortunately, there is no guarantee that access will actually be restored if a victim does choose to part with their money.
- WannaCryptor spreads via malicious email attachments sent to victims, which once opened, download the payload that encrypts a victim’s data. However, once the encryption is underway, this specific ransomware also exploits a bug in file sharing protocol Windows Server Message Block (SMB) on unpatched or unsupported versions of Windows desktops and servers.
- Microsoft first released a patch addressing this vulnerability back in March 2017, although the company generally only makes these security updates available for supported operating systems. But over the weekend, Microsoft took the unprecedented step of releasing an update to fix this exploit on unsupported operating systems
- Friday’s attack, which is affecting many other global organisations besides the NHS, highlights the importance of never opening an email attachment you do not recognise and ensuring that all windows operating systems are kept fully up-to-date.
What can you do to protect your stat?
For more information of ransomware and what your organisation can do to protect its own data, please download our whitepaper entitled: Ransomware: How to protect your business against this growing threat.
For all other enquiries , please call our support team on 0345 021 0077.