What can we learn from the largest ransomware attack in history?

Posted by on May 15, 2017 in Industry, Security


By now almost everyone will have heard of the recent ransomware attack (known as WannaCry) that left hundreds of thousands of computers unusable in over 100 countries, including many at the NHS. If you are one of the many people affected, we hope you have backups of your important files. Our advice is not to pay the ransom: even if you do, it is very unlikely that you will get your data back.

Perhaps the most shocking thing is that this attack could have been prevented with a patch that was already available. Read on to learn how to stop this sort of thing happening to you in the future.

What is ransomware?

In its simplest form, ransomware is malware that holds your data to ransom. It normally does this by encrypting your files (and sometimes the whole disk) so that they can no longer be read. You are then presented with a message telling you that if you make an anonymous payment, you will be sent the decryption key needed to get your data back. We strongly recommend that you do not pay if you receive a message like this.

How could it have been prevented?

As mentioned earlier, this attack could have been prevented. The malware exploited a vulnerability in the Windows file-sharing service (SMB) that had already been fixed: Microsoft released the patch (MS17-010) in March 2017, around two months before the attack, and computers that had installed it were protected. Because the malware spread from one unpatched computer to the next over the network, without anyone having to open an attachment or click a link, a single unpatched machine was enough to infect a whole office.

So, to answer the question:

How could the attack have been prevented? It could have been prevented if computers had been kept up to date!

What can we learn?

This particular vulnerability was found in Microsoft’s Windows operating system, but given enough effort, vulnerabilities can be found in almost any large piece of software. Attackers concentrate on widely used software because a single vulnerability then gives them a far greater number of computers to attack.

It is therefore vitally important to keep your computers up to date. Most well-maintained software receives regular updates; some add new features, while others fix bugs or security vulnerabilities. Security updates in particular should be installed promptly: once a patch is published, attackers study it to work out what it fixes and how to exploit the machines that have not yet installed it.

This also holds true for your website. WordPress, the open source content management system we use to build most of our websites, receives regular security updates. If those updates aren’t installed, your website is left vulnerable.

We recommend that all of the websites we maintain are updated at least four times a year (roughly once every three months). This means that most bug fixes are applied in a timely manner. Occasionally, a major security release will be announced. When this happens, we recommend that all the websites we support are updated as soon as possible. If you are on a support contract, we will do this for you automatically under your allocated time.

It is not just the core of WordPress that can be vulnerable: vulnerabilities are regularly found in themes and plugins too. This is why we minimise our reliance on third-party themes and plugins and prefer to use our own Aquarius framework instead. The few third-party plugins that we do use are all well maintained and receive regular security updates.

How could the effects have been minimised?

Unfortunately, with all the best intentions in the world, sometimes things go wrong. Computers can be attacked before security updates are applied (as happened to many machines in this attack), and occasionally computers simply break. Even if you have been fortunate yourself, most people know somebody whose computer has died and taken important files with it.

The most effective way of protecting yourself from these attacks is to back up your data. We all know we should do it, but we are amazed by the number of people who assume that they will be OK. Large hard drives are cheap now. Our recommendation is that for anything you cannot afford to lose (family pictures or that novel you’ve been working on for three years), you should keep at least three copies, each in a different geographical location. One caveat: ransomware encrypts every drive it can reach, including an external disk or network share that is permanently connected, so at least one copy must be somewhere the infected computer cannot write to, such as a drive that is unplugged after each backup or an online service that keeps older versions.

Our hosting provider of choice takes a full backup of our websites four times a day. This means that, if your site is compromised, we can restore it to a point in time before the compromise. If you want to know more about your website backups, contact Matt.
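The three-copies advice and the scheduled website backups above both rest on the same two rules: never overwrite your only good copy, and check that the copy you intend to rely on is still intact before you restore from it. The script below is an added example (not code from the original post, and not our hosting provider’s backup system) that shows both rules in working Python. Every path, file and the `fake_ransomware` routine in it are constructed for the demonstration; the “USB drive” and “off-site” copies are just two directories, and the malware stand-in simply overwrites files with random bytes rather than encrypting anything.

```python
"""Versioned backups with an integrity manifest and a tested restore.
Added example, not code from the original post or its hosting provider; all
paths, files and the fake malware below are constructed for the demo."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST = "MANIFEST.sha256"


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map of relative path -> SHA-256 for every file under `root`."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def take_snapshot(source: Path, backup_root: Path) -> Path:
    """Copy `source` into a new timestamped directory and write a manifest.
    A fresh copy each run means a backup taken after an infection can never
    overwrite the good one taken before it.  Manifest is `sha256sum -c` format."""
    snap = backup_root / datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    data = snap / "data"
    shutil.copytree(source, data)
    lines = [f"{digest}  {rel}" for rel, digest in sorted(tree_hashes(data).items())]
    (snap / MANIFEST).write_text("\n".join(lines) + "\n")
    return snap


def verify_snapshot(snap: Path) -> list:
    """Relative paths whose content no longer matches the manifest ([] = intact).
    Run this regularly: a backup that was quietly encrypted is not a backup."""
    data, bad = snap / "data", []
    for line in (snap / MANIFEST).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        p = data / rel
        if not p.is_file() or sha256_of(p) != digest:
            bad.append(rel)
    return bad


def restore_snapshot(snap: Path, dest: Path) -> int:
    """Replace `dest` with the snapshot's data; refuse if verification fails."""
    bad = verify_snapshot(snap)
    if bad:
        raise RuntimeError(f"refusing to restore: {len(bad)} file(s) fail verification")
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(snap / "data", dest)
    return sum(1 for p in dest.rglob("*") if p.is_file())


def fake_ransomware(victim: Path) -> None:
    """Constructed stand-in for the malware: overwrite every file it can reach
    with random bytes (no real encryption) and leave a note."""
    for p in victim.rglob("*"):
        if p.is_file():
            p.write_bytes(os.urandom(p.stat().st_size + 16))
    (victim / "READ_ME.txt").write_text("Your files are encrypted. Pay to recover.\n")


def demo() -> dict:
    """Three copies: live files, a USB drive left plugged in, and an off-site copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, usb, offsite = (Path(tmp) / n for n in ("documents", "usb_drive", "offsite"))
        (live / "novel").mkdir(parents=True)
        (live / "novel" / "chapter1.txt").write_text("It was a dark and stormy night.\n")
        (live / "holiday.jpg").write_bytes(b"\xff\xd8\xff" + bytes(100))
        usb.mkdir()
        offsite.mkdir()
        original = tree_hashes(live)
        usb_snap = take_snapshot(live, usb)
        offsite_snap = take_snapshot(live, offsite)
        # Infection hits the live files and the plugged-in USB drive; the off-site
        # copy survives only because nothing on this machine can write to it.
        fake_ransomware(live)
        fake_ransomware(usb_snap / "data")
        usb_damaged = verify_snapshot(usb_snap)
        refused = False
        try:
            restore_snapshot(usb_snap, live)       # must not restore junk over junk
        except RuntimeError:
            refused = True
        restored = restore_snapshot(offsite_snap, live)
        return {
            "usb_damaged": len(usb_damaged),
            "offsite_ok": verify_snapshot(offsite_snap) == [],
            "usb_restore_refused": refused,
            "restored_files": restored,
            "restored_matches_original": tree_hashes(live) == original,
        }
```

Calling `demo()` returns a dictionary showing that the copy on the connected drive fails verification (both files changed), that the restore routine refuses to use it, and that the off-site copy restores every file with its original checksum. The manifest is written in the format `sha256sum` understands, so a snapshot can also be checked without Python by running `sha256sum -c ../MANIFEST.sha256` from inside its `data` directory on a Linux machine. Note that the off-site copy in this demo is protected by nothing more than the malware never being pointed at it; in real life that separation has to be physical (a drive that is unplugged after the backup) or enforced by a service that keeps versions the client cannot delete, because a read-only flag on a drive that stays attached does not stop malware running with enough privilege.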

What should you do if you are a victim?

Unfortunately, these ransomware attacks can be very sophisticated. If your files have been encrypted correctly, it is very unlikely that you will be able to recover them without the key; recovery only becomes possible when the criminals have made a mistake in how they implemented the encryption.

As stated previously, we strongly advise you not to pay any ransom demand. Bitcoin, the virtual currency most ransomware asks for, is designed to be hard to trace and payments cannot be reversed. In this attack the criminals did not even have a reliable way of telling which victim a payment had come from, so paying gives you no guarantee that your computer will be unlocked and no way of getting your money back.

If you search for something along the lines of “remove ransomware”, you will find hundreds of results for software that claims to be able to help you out. We would not suggest using these either. Many are small-scale scams riding on the back of the large attack: even the ones that are free will ask you for money somewhere along the line, and none of them can crack the encryption these attacks use. The ransomware relies on the same standard, well-studied algorithms (such as AES and RSA) that banks, governments and security agencies use, and if somebody could break them it would be headline news. Genuine decryption tools do occasionally appear when the criminals have made an implementation mistake, but they come from security companies and law enforcement (for example the No More Ransom project run by Europol and industry partners), not from sites that ask you to pay.

If you haven’t made backups, then there is very little you can do. First, disconnect the computer from the network (unplug the cable or switch off Wi-Fi) so that it cannot pass the infection on to any more computers; this attack spread from machine to machine on its own. Then power the machine off (forcefully if necessary) as soon as possible. In some cases the ransom message is shown before the hard drive has finished being encrypted, and stopping it early may leave some files untouched. Be aware of the trade-off, though: powering off also discards anything held in memory that a specialist might have been able to use, so if you can reach an expert straight away, ask them before you do.

You should then consult a data recovery or incident response expert to see if there is anything they can do, and do not keep switching the machine back on to check whether it is still broken.

Conclusion

If you take nothing else away from this blog, please consider these two points:

  1. Updates are important: If you keep everything up to date, you will be much less likely to become a victim of an attack like this.
  2. Make regular backups: That way, even if the worst happens, you should be able to recover most of your data.

If you are unsure about the strength of the security on your website, please contact Matt who will be happy to help.