WannaCrypt: How to protect your business against ransomware

Cyber security hit the headlines once again last week after ransomware known as WannaCrypt hit 48 NHS trusts, encrypting their computer files and stalling their operations as part of a wider cyber criminal campaign that has affected organisations in 150 countries.

Technology giant Microsoft said the attack should be a “wake-up call” for governments around the world, but WannaCrypt is just one of many ransomware threats that have been tormenting firms and individuals in the last few years. Here’s what you need to know to protect your business.

What is WannaCrypt?

WannaCrypt belongs to a family of malicious software called ransomware – or more specifically, cryptoransomware. When your computer becomes infected with cryptoransomware, the malware works methodically to encrypt your files, rendering them inaccessible and unusable.

From this point, your files can only be decrypted using a key held by the cyber criminals behind the attack. The hackers will demand payment – usually in the form of the cryptocurrency Bitcoin – to restore access, but there’s no guarantee that they will cooperate even if you do pay up.

Should I be worried about WannaCrypt and other ransomware?

In short: you should be worried about ransomware, and you should have been long before this attack. A lot has been made of the fact that WannaCrypt is an “international cyber attack”, but the truth is that these campaigns happen all the time and you need to take steps to protect your business.

Even if your business isn’t technology-focused, it can still waste time and money responding to a cyber attack. In a worst-case scenario, a successful cyber attack could cost your business a large sum of money, destroy its vital data, and leave its hard-earned reputation in tatters.

How does ransomware spread?

Cyber criminals frequently launch ransomware campaigns. They see it as an easy win: the malware is available to buy for a small sum on the Dark Web, it is easy to distribute to large numbers of people, and if even a few users pay the ransom then it can earn hackers a lot of money.

The most common way ransomware is spread is via malicious emails. Cyber criminals send huge numbers of spam emails to potential victims, trying to lure them in with realistic-sounding reasons to open an infected link or attachment – for example, by disguising it as an invoice or CV.

There are other ways to get infected – perhaps by inserting infected media like a USB stick, over a network, or by visiting an infected website – but malicious emails are the most common means of infection, and it pays to train your staff to spot them and report them. More on that a little later.

What should I do if my computer is infected by ransomware?

The most important thing to remember is that however tempting it may be, you should not pay the ransom. Handing over your cash to cyber criminals is no guarantee of getting your data back, and it simply encourages more wannabe hackers to launch campaigns to get a slice of the action.

It’s a good idea to disconnect the infected computer from the business network – ransomware like WannaCrypt can pivot and spread to other computers over networks. Also, be cautious about any USB sticks or other hardware that has been plugged into the victim’s machine.

You can check websites like No More Ransom to see if security researchers have made a decryption tool for the ransomware infecting your computer. If not, it’s likely you’re on your own. Hopefully, you can restore from backups – if not, you’ll definitely learn your lesson for next time.

How can I protect myself against ransomware?

The steps you can take to protect yourself against ransomware are similar to the general best practices that any cyber security expert would recommend for your business:

  • Stay up-to-date
    It’s thought that one of the reasons the NHS was so badly hit by WannaCrypt is that a large number of its computers still run Windows XP – an operating system that was released in 2001 and hasn’t had security updates in years. Run a modern operating system and promptly install the manufacturer’s patches. The same goes for all your other software.
  • Install security software
    Anti-virus software won’t keep your business 100 per cent secure – nothing can – but along with a firewall it will protect you against some of the most common threats. Just remember that if the cyber criminals come up with something new, it could take a little while for your vendor to add it to their anti-virus definitions.
  • Train your employees
    If you educate your employees properly, they can spot what your security software doesn’t. Make sure they know what to look out for (emails with poor English, suspicious “from” addresses, unusual links and attachments, etc.) and – just as importantly – offer incentives for them to report threats to your security team.
  • Prepare for the worst
    You can do everything right and still be breached. Make sure you have backups of all your important data so you can restore it if it is destroyed, and prepare an incident response plan so that your organisation can put things right in a timely manner without overlooking any crucial steps, and learn from what happened afterwards.

Matt Smith is a cyber security journalist and a graduate of the SANS Cyber Retraining Academy.
@MattCASmith | MattCASmith.net