A massive, fast-moving cyber attack has hit as many as 74 countries. The ransomware attack first appeared Friday morning in the United Kingdom and has impacted computer systems at a wide range of organizations including hospitals, telecom, universities and businesses.
According to news reports, the malicious software is a variant of ransomware known as WannaCry, which can encrypt older Windows® operating systems that have not been patched with the latest security updates. It’s delivered via email with an encrypted .zip file attachment, which, if opened, immediately infects and locks the targeted computer.
While the full scope and impact of this incident is still unfolding, CyberScout has seen hundreds of ransomware cases and offers these tips to protect your firm and clients:
- Keep software current. Patch all endpoint device operating systems, software and firmware as vulnerabilities are discovered. This attack exploits the Server Message Block (SMB) critical vulnerability, which was patched by Microsoft on March 14, MS17-010.
- Warn and educate users. Ransomware succeeds by tricking users into clicking malicious email attachments and links. Know how to spot phishing emails, avoid clicking on banners or unrecognized links, and only visit trusted sites.
- Back up files regularly to a safe place. If your data is encrypted by malware, a backup may be the only way to recover it. Use a backup facility that is either off your network or on a separate network segment at your location.
- Plan your response. Make sure your current Breach Response plan accounts for ransomware so you can shut down and/or contain an attack as soon as you recognize it.
- Stay informed. Keep up with cyber security news so that you can respond quickly and appropriately.