The past week has sure been an interesting time, starting with the British National Health Service being taken down hard by the WannaCrypt (or WannaCry) ransomware, and it all snowballing from there.
WannaCry, and some related threats going around at the moment, are the latest in a series of events we’ve been monitoring, and are the culmination so far(!) of a theft of United States CIA/NSA infiltration material by a group calling themselves the “Shadow Brokers”. They’ve been publicly releasing CIA/NSA tools for attacking PCs and ICT infrastructure.
The stolen NSA tool that WannaCry uses to infect PCs is called EternalBlue.
Shadow Brokers are threatening to release more (and indeed have done so), and are rumoured to be selling even more tools to the highest bidder. So there’s a good chance this is going to get worse.
We’re happy to say, however, that we made sure our managed ICT customers have been protected from the WannaCry / EternalBlue threat since early April, and we’ve been closely monitoring customers’ systems for any suspicious activity, just in case.
Ransomware in general is also defeated by a good backup system, one where copies of the backups are stored well out of reach of the ransomware, so you can simply restore and don’t need to pay any ransom. Our SiriusCloud service has this built in: anything you store on SiriusCloud has a history kept so you can roll back changes, and every night your data is safely backed up to outside discs at our office, which are encrypted and housed in a special fireproof and floodproof chassis.
We’re also pleased to report that ESET Smart Security, which we supply as part of our ICT management service, has been tested and found to be one of only three protection products that successfully blocked the security exploit that WannaCry uses to get in. We’re very happy with this result.
But there’s more going around. WannaCry has been the one to hit the news because of its high-profile impact, but other threats relating to these CIA/NSA tools and exploits have been doing the rounds too. Plus, as if there weren’t already enough going on, this week it was revealed, out of left field, that HP had accidentally shipped a key-logging tool with many of their laptops in the past year. Some of our managed ICT customers who had bought these HP laptops were caught up in that one, but we’ve now deployed an update which has got rid of the offending files.
WannaCry has been the biggest and highest-profile hack in some time, but with the current landscape, it looks like there’s a good chance that worse is yet to come.
Antivirus software doesn’t cut it on its own anymore. Make sure you have proper internet security software (or hardware) protecting your ICT gear. And make sure it’s good. If you buy cheap (or free), you get what you pay for.
But don’t rely on security software as a sole line of defence. Make sure your systems, from cloud infrastructure to onsite servers to your own laptop, are both kept fully up to date with security patches and fully backed up.
Test those backups, too. If you are not able to access a backup of a file you deleted from your laptop last Thursday, without touching your actual laptop, then your backup service has failed you and you need to look at other options.
We’re always available for advisory services if you need any help with this – feel free to get in touch.