On May 12th, hospitals, companies, universities and governments across at least 150 countries were hounded by a cyberattack that locked computers and demanded ransom. It used a susceptibility in Windows that allowed it to infect target computers without any action taken on them.
Over the May 12th weekend, Europol officials said that some 230,000 computers had been hit by the malware. Chinese state media reported that 40,000 businesses and institutions have been affected, and Britain’s health care providers (NHS) had to turn patients away for the weekend while they recovered from the malware attack.
What is ransomware?
It is a malicious software which holds a computer hostage (by encrypting all its data) and offers a decryption key in return for a ransom, which is paid in bitcoins to keep the identity of the cyber attacker hidden.
For the recent ransomware attack the ransom demanded ranged anywhere from $300 – $1000 per machine.
How is ransomware delivered?
Most ransomware is delivered to computers through phishing emails, which are fake emails that contain the infected attachment or link. An unaware or careless user who opens and acts on the email launches the ransomware attack.
There are two types of ransomware:
- Encryptors – which use advanced algorithms to block system files and ask the victim for a ransom to decrypt them. These types are most widespread and pose the greatest, most worrisome cyber threat currently.
- Lockers – which locks the victim out of their operating system making it impossible to access the desktop or any files on it.
In both cases the virus encrypts and locks the computer and prevents the user from accessing it unless a ransom is paid. The initial payment amount increases if it isn’t paid within a stipulated period, along with a warning that all data will be destroyed for non-payment after that.
Doesn’t antivirus detect it?
Many would think your antivirus software will protect you, but if you do not have a genuine, paid antivirus or if you downloaded your version for free, it is useless to combat malware. Common antivirus software is often not sophisticated enough to protect from the latest forms of malware.
Even a valid, paid antivirus software cannot catch all viruses and ransomware uses several evasion tactics that allows it to:
- Go undetected by antivirus products
- Bypass cyber security researchers
- Stay hidden from law enforcement agencies
Awareness and prevention is the best security strategy when it comes to ransomware.
It is easy to attack home users because most of them don’t have backups and will pay to get their important data (pictures, important documents, etc.) back. Users are not aware of and are not protected by cyber security solutions and they rely solely on antivirus software, which doesn’t protect them from ransomware.
Businesses are good targets because the malware can affect multiple machines which are on the same network, causing a domino effect and major disruptions. Many businesses don’t maintain good security protocols and won’t report the attack for fear of brand damage and bad PR. Importantly, businesses are better targets to demand money from.
Backup your data
It is a good idea to have at least two backups of your critical data so that in the event of an attack you have the means to restore your information without paying a ransom.
Backups can be done on external drives (which are not connected to the internet), USB drives, and if you use cloud storage, you can save a backup there. When using the cloud, make sure your files are not always set to auto sync, because that runs the risk of transferring infected files.
Update your PC
The current attack was on systems running old Windows operating systems, like Windows XP. Make sure you invest in updating your system and install all the updates regularly.
Install the official Windows patch (MS17-010) https://technet.microsoft.com/en-us/library/security/ms17-010.aspx, which closes the SMB Server vulnerability used in this ransomware attack.
Use cloud-based SaaS digital workplace solutions
Cloud-based solutions are externally hosted applications, where the vendor handles everything related to storing, backing up and securing your information. Cloud solutions and SaaS providers invest heavily in security solutions and are up to date on latest security threats, protective tactics and best practices. They have the means to keep your data safe from hackers and cyber criminals.
Also, businesses are moving towards business communication, collaboration, and productivity tools. Many are doing so to innovate and modernize the way they work, support mobility, improve productivity and efficiency, and keep up in a digital world. However, these tools and applications also have important security benefits as well.
- Communication, messaging, and chat apps – These apps not only seek to replace the inefficiencies of email, but also keep all of your communication in one secure place. These apps provide more efficient and real-time communication and are less prone to phishing tactics sent via email to spread malware. These apps are less exposed to external threats and less accessible to outsiders. Also, as another form of security, they keep your ideas and knowledge in one go-to place for your business and employees. Apps such as Slack, Connect by eWorkplace Apps, HipChat, Microsoft Teams, and Workplace by Facebook serve this purpose.
- Intranet – Intranets on the cloud keep all of your documents and content in one secure place. Also, being on the cloud, SaaS-based intranets are generally safe and secure and are regularly updated by the product vendor. Thus, these intranet products are equipped with the latest security updates with little to no maintenance required on your end and keep all your documents and information in one central, secure place.
These are just a couple of important tools that more and more businesses are moving towards, and in the event of a malware attack, these businesses can sail through more easily since their business and communications are not impacted.
How BizPortals 365 Can Help
BizPortals 365 is a ready-to-go intranet solution that is built on Microsoft SharePoint and Office 365 (now renamed Microsoft 365). Along with offering enterprise-grade security features, regular software and security updates, and the advantage of your data being stored in the cloud, it also has the following benefits:
- Secure Access: BizPortals 365 is an internal intranet, which only your staff has access to. It is innately less exposed to external threats because it is not as easy to access like email. This prevents external users from coming in and infecting files.
- Information Repository: BizPortals 365 brings your critical information and business functions in one place. With pre-built modules for Document Management, Team Sites, Project Management, HR, BizPortals brings critical parts of your business together in one secure place. With integrations to your business systems (i.e., CRM) and Microsoft Office 365, you can also bring in and protect critical data from other parts of your business. Thus, your documents, data, reports, company policies and procedures, communication, projects, product ideas, and employee information can be stored, organized, and managed in one secure place.
- Broadcasting Tool: With BizPortals 365’s Employee Center and News & Announcements feature, important messages, such as software updates or alerts about malware threats and precautions the staff should take can be announced and distributed in one central place with notifications. All without having to rely on email.
To conclude, cyber-attacks are on the rise, hackers are using more sophisticated techniques to cause disruptions in our day-to-day lives, and they are not going away anytime soon. So, be prepared, be vigilant, and use the prevention methods discussed in this article to keep your business and work as threat free and as productive as possible.