NHS cyber-attack: What is ransomware and how can we protect against it?

Posted by es328 at May 15, 2017 03:50 PM |
Dr Athina Karatzogianni, Associate Professor at the School of Media, Communication and Sociology, explains how to stay safe online following large scale cyber-attacks

Think: Leicester does not necessarily reflect the views of the University of Leicester - it expresses the independent views and opinions of the academic who has authored the piece. If you do not agree with the opinions expressed, and you are a doctoral student/academic at the University of Leicester, you may write a counter opinion for Think: Leicester and send to ap507@le.ac.uk

Businesses, home computers and government organisations running Microsoft Windows XP, for which Microsoft ceased support in 2014, but released patches, remain vulnerable since Friday’s ransomware attack on May 12. The virus took control of users' files and demanded $300 (£230) payments to restore access, threatening to delete files if no payment is paid. The so called ‘WannaCry’ or ‘Wanna Decryptor’ ransomware attack affected 61 NHS organisations across the UK, telecoms and gas companies in Spain, FedEx in the US, Renault factories in France and the Russian interior ministry among others. Overall, it affected 150 countries so far and 200,000 computers world-wide. The virus exploits a flaw in Microsoft Windows identified by, and stolen from, US intelligence.

What is ransomware and how can we protect against it?

Ransomware is malicious software, i.e. viruses, worms, Trojan horses, which exploits vulnerabilities to initiate and spread an attack. Two types of attack exist: one that encrypts the files on a computer or network and another type that locks a user's screen.  In the most common cyberattacks, cybercriminals use ransomware threatening to destroy your computer files or your reputation unless you pay a free. When a computer is infected, the ransomware contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. It encrypts or scrambles your files, which can only be decrypted if you pay the cybercriminals a ransom. Ransom is usually requested in a cryptocurrency such as bitcoin.

If you switch on your computer and request of ransom is received, the best advice is NOT to pay this ransom. There is no guarantee that the key or password to unlock the computer will be sent to you if you pay the ransom. In the UK, see advice from http://www.actionfraud.police.uk/ Emergency line 0300 020 0964.

What to do to protect yourself or your business if you are running Windows XP and general advice to be safe online:

  1. Run a Windows update and deploy patch MS17-010. A new patch has been made available by Microsoft.
  2. Make sure your anti-virus and internet security software is always up to date. If you do not have this there are various options on line and you need to download one immediately.
  3. Always back up your data on an external drive or on cloud services.
  4. Do not open attachments when you do not know the sender, contains misspellings designed to fool spam filters, subject line and content do not match, and generally makes an offer too good to be true. Especially be aware of emails posing from your bank or other trusted sources requesting to click and provide personal information. Do not click reply or remove to unwanted mail. Make sure your mail provider includes spam filtering and it is switched on.

Share this page: