Cyber Security News

Cyber Security Alert!

Ransomware Cyber attack– what you need to know

Ransomware attack has spread to 150 countries

Since its discovery on Friday (12 May 2017) afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new variations have begun to surface. There could be further ransomware cases this week after the global cyber-attack. In light of these attacks, what is ransomware and how can organisations and individuals protect themselves from such attacks?

What is ransomware?

Ransomware is a malicious program that locks a computer's files until a ransom is paid. The WannaCry virus takes control of users' files and demands a $300 (£230) payment to restore access. It exploits security flaws in Microsoft computers, and once it infects a computer, it encrypts the files and spreads to other computers. Victims receive a demand for a payment of $300 in Bitcoin in order to regain access.

How can organisations and individuals protect themselves from such attacks?

Ransomware exploits security weaknesses in computers. For organisations to protect themselves from such attacks they should ensure that their antivirus and patch management processes are effective. Antivirus software can detect and block viruses before they infect your computers and patches are security updates that addresses fixes weaknesses in your computers that can be exploited by viruses. Organisations should consider the following counter measures:

  1. Ensure that the latest security updates and patches are applied on all computers and systems in their network. Updating software should be done regularly not only when there is a threat. In a blog post, Microsoft stressed the importance of doing this, writing: "As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.”
  2. Ensure that antivirus and anti-spyware software’s installed on all servers and workstations
  3. Ensure that the antivirus and anti-spyware software have up-to-date definitions (ideally have a central antivirus server that downloads the definitions regularly and deploy them across the network to all computers).
  4. Ensure that email gateway is configured to scan for malware, spam and spyware on all incoming and outgoing emails
  5. Ensure that email gateway is configured to block all suspicious attachments e.g. executable files
  6. Block accessing of malicious websites and downloading of suspicious files
  7. Ensure that computers are configured to auto-scan for malware and spyware when external or portable media e.g. Memory sticks, hard drives are connected
  8. Conduct periodic security aware training – educating employees against opening suspicious attachments, accessing malicious websites
  9. Implement disaster recovery and backup policies and procedures to ensure effective restoration of your critical data in cases of attacks, thus minimising impact on business operations
  10. Backup up critical data and keep it offline and separate from the network in case ransomware spreads
  11. Conduct periodic vulnerability and virus scans to detect security weaknesses and infected machines

How can we help you?

At SNG we advise our clients on how to effectively manage cyber-risks, highlighting measures to secure and protect information stored and processed on computers.

Contact

Benjamin Martins

Benjamin Martins

omartins@sng.za.com

Head of Integrated Technology and Governance Solutions (ITGS)

Benjamin Martins

Kudawashe Charandura

Senior Manager – Cyber Security

kudac@sng.za.com

For further information you may contact info@sng.za.com