Ransomware Attack – what to look out for

You may have seen the news on Friday 12 May 2017 about the large-scale “Ransomware Attack” that affected many computer systems across the world.

Firstly, if you are unclear about what ransomware is – essentially it is a type of malicious software that encrypts all files on computer systems and demands payment to decrypt them. This could leave you unable to open any of your organisation’s files unless you comply with the attackers’ demands. The Friday ransomware was a new variant that also attacked systems like a virus, so it affected all computers within a network. Unfortunately this type of virus attack is on the rise, so we all need to be aware of the ways it can affect systems, as the ramifications are potentially very serious.

The guidance below is designed to offer sensible and often free steps that we can all take to ensure we are better protected. In terms of security there is always more we can do: we can invest in hardware firewalls, better security software and better setups to ensure we are protected, but let’s start somewhere!

Emails

It is believed that the delivery method for this ransomware/virus was email, with someone within an organisation clicking on an attachment or link. Ultimately, stopping it at the source with good internal staff discipline is the best defence. Our general advice for ALL emails with links or attachments in them is to proceed with caution when opening these. We would advise all staff to follow these steps.

…Use common sense – check in your own mind whether you know the person or are expecting the email. If you don’t know the person or organisation and they are sending you a link or attachment (especially Word Documents or Zip Files) then proceed with extreme caution.

…Check the way that words are being used in emails – if it strikes you that the email is oddly phrased and it contains links or attachments then it could be spam or it could contain a virus.

…Is the person who they say they are? Modern spamming/virus techniques involve people sending an email purporting to be from another person in your organisation or a person who you are familiar with. If an email purports to come from somebody but the phrasing of the email is odd or the request is odd then check the “From” address in the email. You can also hover over the email address listed in the “From” address field and this will tell you whether the person is who they say they are.

…Is the website link they are listing dangerous? Again hover over the link (don’t click!) and see if it is from the same “domain name” as their company name. Often spammers or virus attacks will include links in the email that differ from their organisation name, i.e. you may get an email purporting to be from Microsoft but when you hover over the link it will appear to be from a random website address not affiliated with Microsoft at all. If this is the case, we recommend NOT opening these. We recommend being generally cautious when people are requesting you to click on website links. Attackers these days are often posing as genuine companies such as Apple, Microsoft, Amazon or major banks and trying to get you to click on links to change passwords or look at orders etc – be very wary around these.

…Proceed with extreme caution around any email attachments that include Word Documents or Zip Files. These are a popular virus delivery method.
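The “From” and link checks described above can also be run automatically over a saved message. The following is an added example, not part of the original guidance: the sample message, the KNOWN_ORGS list and the function names are made up for illustration, and comparing only the last two labels of a domain is a simplification.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name, address and link in it is made up.
SAMPLE = """\
From: "Microsoft Support" <help@account-verify.example>
Content-Type: text/html; charset="utf-8"

<p>Kindly <a href="http://login.account-verify.example/reset">https://www.microsoft.com/account</a></p>
<p><a href="http://files.random-site.example/invoice.zip">View invoice</a></p>
"""
# Assumption: organisations you deal with and the domain they really use.
KNOWN_ORGS = {"microsoft": "microsoft.com"}

def site(host):  # last two labels only; names like example.co.uk need a public-suffix list
    return ".".join(host.lower().strip(".").split(".")[-2:])

class Links(HTMLParser):
    """Collect (visible text, real target) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at each <a>, so this holds the link's own text
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def review(raw):  # returns the warnings a reader would find by hovering
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender = site(addr.rpartition("@")[2])
    warnings = [f"name '{name}' but sent from {sender}" for org, dom in KNOWN_ORGS.items()
                if org in name.lower() and sender != dom]
    body, links = msg.get_body(preferencelist=("html",)), Links()
    links.feed(body.get_content() if body is not None else "")
    for text, href in links.found:
        target = site(urlparse(href).hostname or "")
        shown = site(urlparse(text).hostname or "") if "://" in text else ""
        if shown and shown != target:
            warnings.append(f"link shows {shown} but opens {target}")
        elif target and target != sender:
            warnings.append(f"link '{text}' opens {target}, not sender's {sender}")
    return warnings
```

Calling `review(SAMPLE)` flags the sender name, the link whose visible text names one site while opening another, and the attachment link hosted on an unrelated site.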

Websites & Pop Up Messages

Whilst the delivery method for this particular piece of malicious software was probably not a suspect website, it is still important to proceed with caution around websites or pop up messages you get on your computer. Proceed with caution when you are navigating around new websites or sites that wouldn’t be considered “mainstream”. Also be very wary when sites propose to install new software on your computer (if you have not requested it) – generally we recommend stopping this process immediately and closing any Internet browsers you have open, as this can contain malicious, or at best, problematic software. Websites with heavy advertising and lots of pop up boxes can often include malicious software.

Updating

One of the most important methods of stopping this particular attack and any attacks in the future is to ensure your systems are up to date with Windows updates. See our guide in our help section on Turning on Windows Updates – http://www.suffolkonline.net/help/other/

Windows XP

Our advice now is that where at all possible Windows XP machines should be removed from day to day service. The risks associated with ransomware and machines that Microsoft no longer supports are now too great. If you have Windows XP machines that you still use then it is critical that you download and install the special patch Microsoft has released to protect you against Friday’s ransomware attack. You can find it here. Click on the download link and install the Security Update for Windows XP SP3 (KB4012598) item listed on this site. The same advice applies to Windows Vista, which since April is no longer being supported by Microsoft, so no new Windows updates are available on this system. The Windows Vista update is also available from the same source as above. If you have no other option but to continue to use a Windows XP computer then please use extreme caution around emails and website addresses and where possible try and plan to remove these from service.

Backup & Anti-virus

Unfortunately even paid anti-virus software is mostly ineffective against these types of attacks, however our advice is to still have the best anti-virus you can afford and to ensure that it is up to date. Anti-virus software generally will update itself but if you are unsure then you can hover over the icon for your anti-virus system and check whether it is up to date or not.

Backup wise, it is important to have some sort of “offsite” system in operation, if you haven’t already. Whether it’s backing up to the cloud, to another server, to tape or disk which is then taken off site, or to a simple memory stick – simply having a complete backup and taking this off site will ensure you are protected should the worst happen.

by Matthew Morling
IT Manager, Community Action Suffolk

Visit the CAS IT services website www.suffolkonline.net for more information about our services

More information about the ransomware threat on the Gov.uk website.

All information correct at the time of publication.

By Default Admin on May 22nd, 2017