Update: Global Cyber Attackstephensit
Important update regarding malware outbreak
Release Date: 15 May 2017
Friday’s ransomware attack on systems across the globe has caused significant disruption and downtime for any affected organisation. The attack was primarily made up of a variation of a ransomware application, namely called WannaCrypt or WannaCry.
Ransomware is a type of malicious software that carries out cryptoviral extortion. This software blocks access to your data until a ransom is paid. Usually a message is displayed requesting payment to unlock the data.
We advise customers to remind all staff to remain vigilant and to never open attachments when an e-mail is from an unknown source.
At the moment, little is known about the actual primary source of the infection that occurred on Friday, but it’s likely that it will have entered via one of the following means;
- Legacy Systems and Applications– Many old operating systems, both desktop and server, are no longer supported by Microsoft and other vendors and as such receive no patches or security updates. You would receive these should you have a newer supported software version that is set up to receive updates and these updates would give very basic protection to flaws in software products. The infection may have taken advantage of these known vulnerabilities and used these to spread throughout the NHS network.
- Poor Patching and Updates– Even if newer software systems were in use then it may be the case that they haven’t been patched and updates maintained in the correct manner.
- Phishing/Spoof Emails– Many of the attacks we see are delivered via emails carrying links or attachments which can fool the user into taking actions (downloading a file or clicking a link) that may allow the infection to occur.
- Web Browsing– The act of browsing to sites that carry malware and other types of malicious software packages and then allowing these to be downloaded to your machine.
- Targeted Attack– This is a specific targeted attack against the specific organisation or network attempting to gain access through what’s called a ‘brute force attack’, trying to expose security weaknesses.
Windows desktop and server machines are the systems at risk. Machines with Windows OS that are currently under mainstream support with Microsoft (Windows 7 and newer, Server 2008 and newer) have a patch which was made available in March. Devices supported by Stephens IT have already had this patched installed as part of the normal update schedule.
If you suspect you may have been impacted by this attack or are vulnerable to it, please call our support team on 0844 357 0900 to raise a ticket for assistance.
We will be providing a further update on 17 May 2017 with advice and notes on mitigating ransomware attacks for your business.