DOMINIC POWELL / Tuesday, May 16, 2017
The “WannaCry/WannaCrypt” ransomware attack that swept across the globe over the weekend, infecting thousands of computers and locking down users’ files, has started affecting Australian businesses.
This morning Minister Assisting the Prime Minister for Cyber Security Dan Tehan revealed 12 Australian small businesses had been hit with the ransomware attack, and more are expected to emerge as the week progresses.
Read more: Aussie SMEs urged to update their systems after huge “WannaCry” ransomware attack
“This ransomware attack is a wake-up call to all Australian businesses to regularly backup their data and install the latest security patches.” Minister Tehan said in a statement.
“Small business owners should be pro-active about their cyber security in the wake of this ransomware campaign affecting computers around the world.”
Although inroads have been made to combat the attack, the malicious software continues to spread, taking advantage of an exploit found in unpatched versions of Microsoft Windows. Currently, the hackers have recouped a total of $US59,061 ($79,522) in untraceable digital currency Bitcoin, an amount which continues to increase as more users cough up the $300 ransom to retrieve their files.
These attacks can hurt not just your wallet: They can also cause unnecessary stress and affect productivity. Experts have advised businesses to respond quickly if affected, and make sure their systems are protected from this attack.
Here are four ways to protect your systems from this latest strain of ransomware.
1. Update your system immediately
The attack takes advantage of a critical exploit in older versions of Windows that was uncovered by the US National Security Agency earlier this year. After the vulnerability was uncovered, Microsoft released a patch in March for all affected systems and urged users to update to ensure protection.
Users Windows 10 are not vulnerable to the exploit, but older systems, such as Windows 8/7/Vista/XP, can be affected. Mac or Linux-based system have not been hit so far.
Cyber security expert Troy Hunt told SmartCompany yesterday that if a business has kept its systems up-to-date, the WannaCry ransomware is a “non-event”.
“This malware is targeting a vulnerability patched two months ago, so for businesses keeping their systems updated, this is a non-event,” he said.
“It’s amazing we’re seeing this problem at all, organisations have had a two-month lead time to patch this exploit.”
Windows systems can be updated via the inbuilt auto-update application which automatically receives all the latest security patches direct from Microsoft. The company provides a guide on here.
2. Disable the SMB protocol
For some businesses, updating your operating system can break more things than it fixes, because some update-averse business-critical software relying on certain versions of Windows in order to function correctly.
Large technology ecosystems like the UK’s National Health Service, which was heavily disrupted by the WannaCry ransomware, often rely on specific versions of operating systems and other software to ensure interoperability.
For businesses in this situation, a workaround is available. The ransomware takes advantage of a vulnerability in Windows’ SMBv1 protocol, which Hunt describes as a way for computers to “run remote commands on another machine”.
Disabling this protocol can prevent the vulnerability because you’re preventing the hackers from gaining entry.
Depending on your Windows version, disabling the SMBv1 protocol is fairly simple. For users on Windows 7/8/10, simply use the search function to navigate to “Windows Features”. In the list of features, you will see an option labelled “SMB1.0/CIFS File Sharing Support”.
Disabling that option and restarting your computer will prevent the ransomware from spreading to your computer. Microsoft has more information on how to disable SMB features on its website.
3. Backup your files
You’ve heard the golden rule “always back up your files” countless times, but in this case, that advice is just as relevant as ever.
Ransomware works by encrypting your precious data and demanding payment for the release of this, eventually threatening deletion if the ransom is not paid by a certain time. Hunt advises businesses to backup frequently, as doing so can turn a ransomware attack from a big issue into a minor annoyance.
“The whole idea of ransomware is for it to get its hands on every file it can find and encrypt it, so if you can just wipe your machine and restore from a backup, then it’s not an issue,” Hunt said.
“It’s not fun, but there’s a big difference between some downtime and a loss of work.”
For SMEs backing their systems up on-site, ensuring those systems can’t also be compromised by spreading malware is essential, with businesses advised to keep them disconnected from online computers unless backing up.
The easiest solution is cloud-based backup believes Hunt, which can be set to automatically sync files every day whilst also being exempt from system-wide ransomware attacks.
4. Educate yourself and your staff
Given small businesses lost over $2 million to scams over 2016, getting everyone in the business on the same page when it comes to cyber security can bring some peace of mind.
Dodgy-yet-legitimate phishing email attacks are becoming increasingly common, with Australian businesses being hit by a new one every week. These attacks can bring ransomware or keyloggers into your system, or masquerade as an unpaid invoice for time-poor business owners to pay.
The experts have previously explained biggest cyber-security threats for SMEs for SmartCompany. Reviewing these can lessen the impact if you are hit by cyber-attacks, and briefing your staff can help them alert you to any tell-tale signs of a breach.