Scottish businesses are being urged to focus attention on updating IT systems – after it emerged that the recent ransomware attack took hold because routine software updates were ignored or put off.
The cyber security team at the Scottish Business Resilience Centre (SBRC) is calling on firms of all sizes to use the WannaCry attack as a wake-up call.
Chief Ethical Hacker at the centre, Gerry Grant, said: “Thousands of computers were infected with the ransomware – and it was able to have such an impact because routine preventative measures had not been taken.
“We can’t recommend the practice of habitually updating systems, however disruptive or inconvenient at the time – as soon as those updates become available.
“It can be too easy to put this off and click the ‘remind me tomorrow’ option. Unfortunately it can take a highly publicised attack such as this to affect behaviour.
“We say it so often, but the prospect of a cyber attack can be incredibly daunting for the less tech-savvy and the temptation can be to bury heads in the sand.
“In reality, the simplest of measures such as those outlined in the Cyber Essentials scheme will put off the vast majority of criminal hackers – who tend to cast a wide net.”
The SBRC has recommended the following preventative measures for all businesses:
· First and foremost, check that all Microsoft Updates have been applied. If your IT is managed by external specialists, be sure to ask these questions as soon as possible.
· Microsoft issued a patch to close the vulnerability that allows this virus to spread in mid-March. This update is called Microsoft Bulletin MS17-010 and details can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
· Make sure that any anti-virus software that is being run is kept up to date and regular scans are being run on your system. Ransomware can sit idle on a system for a few days or weeks before becoming active and encrypting your files.
· The next step is to ensure that you have a recent backup in place. If you have an IT supplier check that they are conducting regular backups of all your systems and these are NOT connected to your network as ransomware will try to affect all systems connected to the same network.
· If hit by ransomware, the only way to be 100% guaranteed to get all of your files back is to restore from the most recent backup.
· It is not only Windows XP machines that are vulnerable to this virus, all machines running Windows operating systems that have not had the security patch issued in March are vulnerable.
· Check if your network uses the SMBv1 protocol. This is a more technical question, but it is the way in which this virus is spreading across a network. SMB is a protocol that helps computers share files and documents across a network. This protocol is outdated and newer versions are available.
If you have already been infected with the virus:
· Disconnect the network cable to help prevent further spread of the virus across the network. It will then be necessary to “re-image” the machine. This involves re-installing the operating system, applying all the necessary updates and then restoring to from a backup.