In May 2017, an ominous message greeted workers in the UK’s National Health Service (NHS): “Oops, your files have been encrypted!”
This is how malware known variously as WannaCry, WannaCrypt or WannaCryptor 2.0 announced itself to the wider world. With systems locked and critical files encrypted, doctor’s surgeries had to close and hospitals turned patients away from essential treatments.
How did this happen? Security experts believe an NHS user clicked a link or opened a file they shouldn’t have. Others pointed the finger at the NHS’s network of antiquated hardware and unsupported software as the main factor that facilitated the spread of WannaCry.
The worm spreads
Distributing ransomware isn’t hard. This type of malicious software is easy and cheap to spread. In the case of WannaCry, and its related variants, it can infect connected systems without any user interaction, much like a worm that continually replicates itself. The victim then has a powerful incentive to pay up and, if they don’t, the criminals’ investment has been minimal.
The victim then has a powerful incentive to pay up and, if they don’t, the criminals’ investment has been minimal.
Why is healthcare vulnerable to ransomware?
Hospitals and other organisations in the healthcare sector are attractive targets, specifically because of the:
- Ageing hardware, software and security systems that they often run.
- Misconfigured systems, specifically security software that is easy to bypass.
- Valuable data they hold, including sensitive patient health records and personal information.
Should you pay hackers a ransom?
Cybersecurity experts advise against paying a ransom to hackers.
In the first instance, there is no guarantee you will gain access to your encrypted files. An Australian study found that close to a third of affected organisations who did pay failed to recover their data. Paying may also encourage the criminals to continue their activities, and they could even re-target your organisation.
How to stop ransomware infecting your organisation
Like any infection, prevention is better than cure, especially when it comes to the security of your network. Even if you are dealing with a tight budget, skeleton IT staff and minimal cybersecurity expertise, you don’t necessarily have to spend big to ensure your network remains free of malware like WannaCry.
Your users should be the first line of defence. If employees don’t know what to look for, how can you hope to remain malware free? As a matter of priority, you need to:
- Train your staff so they know how to identify phishing attacks that could contain malicious ransomware.
- Ensure your organisation is running updated software with the latest security patches.
- Regularly back up your systems to physical sources and the cloud.
- Have a clear email security protocol that discourages users from clicking on suspicious links, attachments or emails.
- If a computer is infected, isolate it from the network and alert all staff.
- Invest in hardware that’s up to the task of warding off threats.
Ransomware is constantly evolving, so it’s a case of mitigating the threat to ensure your networks, data and reputation aren’t compromised.