We’ve all seen the media coverage of the latest ransomware attack – not least because it hit one of the UK’s biggest institutions – the NHS. Headlines have focused on operations being cancelled and hospitals sending patients home. So what was the attack, what damage did it do – and should you be worried?
The first signs started on the morning of Friday 13th May (not so lucky for some!) with large corporate breaches across the world, and soon spread across NHS organisations in the UK. Late in the afternoon an anonymous researcher managed to hit a ‘kill switch’ for the attack, by registering a domain that stopped it in it’s tracks.
It appears that the onslaught targeted vulnerabilities in the out of support Windows XP OS, as well as all subsequent OS’s plus Windows Server 2000-2016. Windows has released a patch for this vulnerability, including Windows XP, and Microsoft users should update their software as soon as they are able.
So – should you be worried? Well, if you are still running Windows XP – yes! Maybe you also have servers running Windows Server 2003 for which extended support has also finished. These machines are now extremely vulnerable to attack, and it’s only because of the scale and nature of the attack that Microsoft released a patch. However, there are still many smaller attacks that regularly target these machines, and users should upgrade as a priority.
For users of other systems – now really is the time to examine your security policies and how they are implemented. We’ve advised our clients to undertake a full review of their IT infrastructure to identify vulnerabilities so we can ensure that everything is protected as it should be. It's clear that hackers are really starting to up their game, and we can expect further large scale disruption over the coming months. Extended support for Windows 7 ends in just over two years time - does your business have a plan in place to upgrade?
Critically it's not just your desktop computers, but your servers, and even your mobile phones that you need to ensure are properly managed and upgraded. The number of points of entry for malicious attack may have increased, but with the right tools and security practises, the risk can more easily be managed.
To find out more about how Intrepid can help you manage the security of your IT, visit www.beintrepid.co.uk.