The cyber security attack that started last Friday has dominated the headlines around the world. This reflects the power and reach of the latest mutation of malware spread around a connected world. Unfortunately, the recent ransomware outbreak may be the first of a new strain that we will see terrorising any computer connected to the internet.
Hopefully, you were not one of the victims held to ransom but that does not mean you may rest assured that it cannot happen in the future. As you read this, malware developers are building more complex and devious versions that will overcome current defences and countermeasures. This alert is intended to remind you to be vigilant and to apply good discipline on IT systems to avoid disruption and costly incidents.
A few reminders to defend against malware:
- Keep all systems up to date with latest security patches and replace outdated software that is no longer supported.
- Make sure that there is a firewall at the internet gateway to allow legitimate traffic to flow but keeps everything else out. Note that firewalls also need regular patching to keep them working effectively.
- Install antivirus software on PCs, mobile devices and servers, and get automatic updates to defend against the latest threat versions.
- Raise awareness with staff to make them vigilant enough to avoid falling for scams and phishing lures.
- Make sure that data is being backed up regularly and that there is tested disaster recovery plan in place for vital systems to be reinstated. Beware of backups that are active on the same network as these could also be lost to encryption by the same ransomware attack.
- Be prepared for the worst: establish a security incident procedure to minimise the damage and to recover quickly from an incident if it does occur.
Entities with systems that are critical to the wellbeing of the business may invest in more sophisticated defences such as Intrusion Detection Systems (IDS) to combat hacking; internal misuse and irregular activity. In fact, this type of organisation should be managing information security using a systematic programme – one that is likely to need more budget, going forward…
Ransomware has been used successfully over the last couple of years hitting targets using phishing techniques of bogus emails with attachments that look like familiar, innocuous files but hide a payload that encrypts all the files on the victim computer and asks for a ransom payment to get them decrypted.
The recent malware, also known as WannaCrypt, WannaCry or WannaCryptor 2.0, spread quickly and widely using a technique to jump from one computer to another connected on the same local network or to another one over the internet that does not have adequate protection against incoming attacks of this type.
The most vulnerable targets are PCs using outdated Windows versions such as XP; software that is not patched with the latest security updates; and networks that do not have a properly configured firewall keeping unauthorised traffic out.
PwC never recommends paying a ransomware - unless there is a threat to life. Doing so fuels the ransomware economy, funding development of additional ransomware techniques and campaigns.
Contact us
