What You Can Learn from the NHS’s Ransomware and How To Protect Yourself

Petya Update 28/06/17:

A new strain of Petya ransomware is spreading rapidly across the world. This attack is using the same exploits as WannaCry, and even early conservative reports are suggesting many thousands of infections across the globe, each one another transmission vector helping spread the attack faster.

This attack is much more serious than WannaCry was. WannaCry had a killswitch, and was quickly defanged – Petya has no such easy solution, and the encryption email address has been disabled meaning you cannot even pay to get files decrypted once infected.

Petya is dangerous, but it is remarkably easy to protect against. Kogo’s MD Martin Bannister wrote about protecting yourself against these attacks when WannaCry became a threat in the post below, and it is just as accurate today. Scroll to the bottom of the page to request our free Stop Ransomware booklet, which provides useful info on protection, prevention, and disaster recovery.

Original Post:

I have been asked, following on from the ransomware outbreak at the NHS, to offer some advice on best practices for SMEs to protect themselves and what I feel the NHS trusts could have done to protect themselves. I know NHS Digital has just been launched but it seems to me each trust has been managing its own IT. This is very similar to most companies in the private sector. The vulnerabilities that were exploited in the NHS are present in many companies; it is important to stress the recent attacks were not targeted at the NHS as is being reported in the press; this ransomware is out there! It was reported that 7 of the NHS trusts spent nothing on cybersecurity and the rest on average spending only £22,000 each; it looks like antivirus protection was the only investment. The problem is many businesses in the private sector are the same, all too often they invest after an event just like the NHS is about to do.

There isn’t a guarantee with cybersecurity but if you are smart with your solutions you can minimise risk. You need to assess cybersecurity in layers.

Email

91% of attacks begin via email, so you should be using an email security package that sandboxes attachments and links to ensure the email delivers only safe email to the end users such as Mimecast.

Endpoint

The next layer of protection should be on the endpoint and you should be using antivirus that uses heuristic protection as well as signature-based detection. It should also have ransomware detection built in too, like Trend Micro’s antivirus offering. I recommend making sure all computers have applied all Windows, Java, and Adobe patches as well; the WannaCry ransomware was able to exploit a vulnerability in many unpatched systems to spread itself quickly. You can use additional threat detection applications such as WatchGuard’s Threat Detection and Response (TDR). Additionally, you can configure application control to ensure only trusted applications can run on end user devices. This does cause a headache for smaller companies but for an organisation such as the NHS they should lock down the computers as much as possible. Some malware utilises Windows programs to deploy their malware so this isn’t always fool proof.

End User

As always with all this protection someone could still click an infected link. End user training is extremely important to minimise the risk of clicking on emails, landing on infected webpages, and other threats such as unprotected memory sticks. WannaCry, the ransomware package that exploited the NHS, amongst others including Nissan, Renault, and Fedex, was spread via various means including phishing emails; meaning with a little training the users who originally got infected could have known not to click the link and a lot of downtime could have been avoided. Training alone is not enough however, and users will always be susceptible to devious enough attacks, so email management and protection services such as Mimecast, discussed above, will significantly improve email security even for trained users.

Perimeter

The next layer would be the perimeter such as the firewall and Domain Name System (DNS). This should monitor where the internet traffic is going and perform advanced persistent threat detection, intrusion prevention, botnet control, application control, and antivirus to give the network some additional protection. Devices such as WatchGuard UTM devices can provide this protection.

Disaster Recovery

If all protection fails, and it could as there is no guarantee with cybersecurity, a comprehensive image based backup which backs up at least hourly and replicates offsite is crucial. You can even spin systems in the cloud. If you can’t recover your data quickly and confidently you would need to pay the criminals their ransom. We recommend StorageCraft’s ShadowProtect to protect Windows and Linux systems. You could even back up every workstation if required. In the recent attack on the NHS, if each trust had had a disaster recovery system in place they would have been down for minutes or hours, not days.

Disaster Planning

Planning is also an important step. New threats come out all the time and most vendors bring out features to counter these threats however they are not always configured automatically. You should constantly review your security products and new threats to ensure your systems are fully protected. You should of course regularly test your disaster recovery processes as well.

Need More Help?

Kogo are specialists in cybersecurity and providing advice and solutions to small and medium businesses. If you are concerned that you might not have everything covered please get in touch at 01342 333000 or at [email protected]

Wait! We’ve written a booklet on exactly what ransomware is and how you can protect yourself against it, and we’re giving it away for free! If you want to ensure you never fall victim to WannaCry or other ransomware, fill out the form below and we’ll rush you a copy of our Stop Ransomware booklet!

[caldera_form id=”CF5965e27217fae”]

What You Can Learn from the NHS’s Ransomware and How To Protect Yourself

Latest posts

Contact Us

What You Can Learn from the NHS’s Ransomware and How To Protect Yourself

Share this entry

Latest posts

Contact Us