You would have to have been living under a rock to be unaware of the latest news in IT.
Last week, many worldwide systems were victims of the malicious “WannaCrypt” (also known as “WannaCry”) ransomware attack. This attack locks the machine, encrypting all the files and asking for a ransom to be paid.
This has had wide-reaching and devastating consequences. According to Europol, there a have been a reported 200,000 victims of the attack across over 150 countries. This is easily one of the largest scale virus or malware attacks in years, if not ever.
The aforementioned victims have been varied. One of the highest profile casualties has been the NHS in England. This has affected 47 NHS trusts in England and 13 in Scotland, which equates to one in five.
As expected, this has resulted in considerable disruption due to the reliance on the NHS IT systems and patient data. This included several operations being cancelled and appointments and schedules severely affected.
Any disruption certainly was not limited just to the UK as organisations across the globe have been affected. Renault had to “shut down factories across Europe” in the wake to the attack. Hitachi are another who fell victim to the cyberattack, along with US global courier FedEx.
Ransomware is a particularly nasty form of virus or malware.
The reason it gets its name is that once infected, all files on the machine in question are locked and held to ransom. A message is displayed on the screen asking for payment – either in real currency or in bitcoin – for the files to be unlocked.
There have been a number of different examples of ransomware, just one example being the Cryptolocker virus.
All of these exhibit the same characteristics, with the virus preventing access to the machine and asking for a ransom to remove it. The message displayed will also issue a countdown timer threatening immediate action or all files will be deleted. This is a legitimate threat and one to be taken seriously.
Is it also worth noting that, like any virus infection, this can spread very quickly throughout a network and infect other machines.
As it currently stands on Monday 15th, there have been a reported 200,00 victims of the attack across more than 150 countries since Friday when the first reports of the infection started to surface.
There is still a concern that this number will increase with people returning to work and switching on their computers to find they have been infected.
It has been established that a vulnerability in certain versions of Microsoft Windows (Windows XP in particular) has been targeted by this virus. Microsoft have now released a security update to resolve this.
Microsoft have released the following information.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.”
The major anti-virus providers such as Webroot, BitDefender and Webroot have issued statements that they provide protection against the virus so if people have updated anti-virus software, they will be protected.
Another recent revelation is that a “kill switch” has been identified in the software, which has effectively halted the spread of the virus. A UK malware expert @malwaretechblog managed to investigate the malware and found that registering a particular domain would initialise the kill switch.
We have the following advice to ensure you are protected:
• Always ensure your Antivirus software is up to date – you can usually force a manual update as well, rather than waiting for a scheduled update.
• Always ensure your computer has the latest updates – whether that is Windows Updates, or MacOS updates. Again, if you are unsure when the last updates check/installation was performed, run a manual check.
• Ensure your servers are up to date – for Coretek clients, our ServiceDesk team have been working overtime to make sure this was done over the weekend, and we continue to ensure updates are deployed.
• Ensure any firewalls are switched on and have the latest updates installed.
• Don’t click on any rogue or suspicious links – whether they are on a web page or in an email sent to you. If you are in doubt, DON’T CLICK IT!
• Bonus Tip: Check your backups – hopefully you won’t have to resort to this final step but in the event of an infection, it is likely that you will need to restore from your backups. Don’t wait until getting the infection – check your backups now to make sure these are current. We also recommend carrying out test restores on a regular basis.
All advice suggests against paying the ransom. The main reason being that there is no guarantee that the files will actually be decrypted, even after paying the ransom.
As yet we have had no reported infections of this ransomware but you cannot be complacent and as such we will be going round each server, client machine and network to ensure the software and firmware patches are to the very latest levels.
We have strong security in place to protect systems for this very reason but we would ask you to please remain vigilant and be aware that most infections will come in through unsolicited email or bundled with downloaded software. If you unsure of anything please log a call with support for further investigation.
Our partners have issued statements relating to WannaCrypt/WannaCry informing that they offer protection against the attack.
SonicWall have released the following information:
“SonicWall Capture Labs identified this attack in mid-April and immediately published protection which was automatically downloaded to all SonicWall firewall customers with active security subscriptions. This occurred well in advance of today’s latest attack.
SonicWall firewall customers with active and properly installed Gateway Anti-virus security subscriptions (either standalone or as a subset of our Comprehensive Gateway Security Suite (CGSS) or Advanced Gateway Security Suite (AGSS)) are safe and are protected from WannaCry ransomware attacks.”
Our recommend Anti-virus solution, Webroot, have confirmed that they provide protection against this attack:
“As a Webroot customer, are you protected? YES. Webroot SecureAnywhere does currently protect you from WannaCry ransomware.”
This situation has brought up a considerable amount of debate and lots of questions have been asked on where blame should be apportioned.
Amid claims that the original tool was developed by the NSA, the chief legal offer of Microsoft stated “we need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
One positive of this situation is opening up a dialog on the importance of security. The virus targeted older operating systems, such as Windows XP which is now out of support. This shows the importance of keeping IT hardware up to date. It also highlights the importance of keeping Windows and anti-virus software updated.
So today is the 7th of February which also means it is the Safer Internet Day!
For those of you who do not know, Safer Internet Day is a day that aims to raise awareness on internet safety and to really promote it throughout schools. The day itself can involve guest speakers advising your students or group activities and lesson plans on online safety. The Safety Internet Centre want you to get involved this year by taking the Safer Internet Day Quiz or joining the #SID2017 Social Media Campaign! Take a look on their website to find out what else you can do to be a part of 2017’s Safer Internet Day.
Safer Internet Day has been created by the UK Safer Internet Centre. They are a partnership of three leading organisations: Childnet International, Internet Watch Foundation and SWGfL. Their main focus is to raise awareness to children and parents of a safe internet and also to provide advice and support to them. They also provide a support line which aides professionals who are working with young children with online safety issues. Lastly, they provide a helpline which is a safe place where people can report any dangerous cases, whilst remaining anonymous.
If you want any advice from your local IT support team, get in contact with us today to find out how you can make your computers extra safe for your students!
It’s that time of year again when Halloween has passed and we are all preparing for Bonfire night! But we need to make sure we keep safe this Bonfire night, so we have put together a few safety tips to ensure that you enjoy your night, safely!
If you want to find out more about what you can do to keep your family safe this November the 5th – check out the official website!
O2 and the NSPCC have joined together to create something magnificent. They have launched an app that has been made for parents to keep their children safe online.
It is very difficult to keep up to date on all the new social media networks and apps that your children are using. That is why NSPCC and O2 have put together a guide for parents on the latest social networking apps.
Net Aware is a guide for the social network’s that your children may be using. NSPCC and O2 worked with over 500 parents and 1,725 young people in order to review which social network sites were being used by children. The Net Aware guide has been specified for parents of children aged 8-12 years.
Each social media app that has been reviewed has its own individual guide. The guide consists of multiple sections on what parents need to know about these social apps. Included in the guide is what people are saying about each social media app, what the correct age is and whether the content is suitable for the age range of 8-12 years. Each guide also has some advice on how to approach your child to talk about these issues surrounding social media.
Net Aware was originally launched in January of 2015 and has now had a re-launch in order to include the latest social apps! Coming soon will be the Net Aware App which will be available to download from Google Play or iTunes.
Take a look at the guide here – http://www.net-aware.org.uk/
Black Friday is originally an American tradition that takes place on the day after Thanksgiving. It was introduced into the UK through ASDA and Amazon. Many other retailers have since rapidly jumped on board with the major sales. Black Friday is referred to as “One of the most important shopping days of the year”.
Retailers traditionally operated at a financial loss for the majority of the year, whilst the holiday season was when they gained their profit. This began the day after Thanksgiving. These profits would be recorded in the financial records. Where the accountants used red ink meant a loss of money, but on this day the red ink would then change to black ink to show profit. Therefore, hence the name ‘Black Friday’, and this day is the day that retailers would no longer have losses for the duration of the holiday season.
The Black Friday deals have not been restricted to just one day, you had Orange Thursday yesterday and deals can still be found up until Cyber Monday (Monday 30th November).
You can find deals throughout all high-street stores and all over the internet, but be careful as everyone wants the same deals as you do. It is known that with the deals that Black Friday brings, comes violence and crime. So we have provided you with our top ten tips on how to keep safe on Black Friday.
But don’t let these drawbacks stop you from shopping! Take into account our safety tips and enjoy all the deals that Black Friday has to offer.
Whilst you are browsing through all the Black Friday offers, why don’t you look for something new for your business? Coretek, as a Dell Preferred Partner, are pleased to announce the latest user PC available from Dell. Dell’s new OptiPlex 3040 is an essential business desktop with ‘best-in-class security and manageability in a new, space-saving design.’ You are going to get the essential performance for the lowest entry price for a commercial desktop. This OptiPlex is available in Mini Tower (MT), Small Form Factor (SFF) and Micro From Factor (MFF) and has a robust ecosystem which includes multiple mounting options for MFF.