What we can learn from the NHS cyber attack according to a cyber security specialist

Posted on: 15th May 2017

NHS cyber attack
On Friday, we learnt that the NHS had fallen victim to a ransomware attack, which within a few hours had caused havoc for computer networks not just within the NHS, but for both home and work PC users across multiple countries.

The ransomware responsible for the attack is named ‘WannaCry’ and it certainly will make you want to cry if you are unfortunate enough to be affected by it. At the moment, WannaCry has hit over 200,000 systems in 150 Countries, according to Europol. The worrying part is there’s 196 countries in the world- meaning this virus has managed to spread virtually worldwide in a matter of just 3 days. This highlights the sheer impact that a virus can have on computer networks.

An expert opinion

nhs cyber attack
Our Technical Director, and Cyber Security expert, Joe Burns, was interviewed by BBC Radio Nottingham and Gem 106 to discuss the matter. He explained that ransomware attacks like this are able to spread so freely and quickly as a result of people either not patching over vulnerabilities, which can be done by installing the most recent updates, or by working on unsupported operating systems.

Currently, Windows XP, Windows Vista are Windows Server 2003 are unsupported by Microsoft, meaning that new vulnerabilities cannot be patched, putting users at risk.  Windows Vista became unsupported in April this year, however, in March Microsoft released a patch for Vista that if installed, would have protected users from the ransomware.

To deal with the sheer amount of people running on old operating systems that were affected by WannaCry, Microsoft had to make an update that could patch over the security flaws. He points out that Windows 10 and Windows Server 2016 are significantly more secure than any of their predecessors.

Joe also used an analogy to explain how ransomware works;

“It’s a bit like everyone having a flowerpot outside their house, with a key to the property underneath the flowerpot which was placed there by the builder. The homeowners don’t actually know it is there and only the builder and a select few people know that it exists at all.

The key allows someone to enter the property and snoop around without detection, as the person has not had to forcefully break in. However, the problem occurs because someone has broadcasted to the world that this key exists under everyone’s flowerpots, so now a lot of people know about it, meaning that many criminals will take advantage of this and start entering people’s homes, gathering precious possessions (your files) and storing them in a safe that only they know the code for, they will give you the code, if you hand over the money (how ransomware works).”


NHS cyber attack

Preventative Measures

Joe explains that these 6 steps are crucial in ensuring protection against attacks of this kind.

1. Most importantly, running on supported operating systems and installing updates is the most crucial step anyone can take in avoiding cyber attacks, this patches over vulnerabilities in old versions of operating systems.
2. Disable Server Message Block (SMB) Version 1- specific to this situation
3. Don’t open emails from unknown senders and be cautious of opening emails even from known senders, especially if they contain attachments which you were not expecting to receive.
4. Disable RDP ports
5. Install IDS (Intrusion Detection System) so you can be alerted if there is suspicious activity on your network, giving you more time to mitigate the threat.
6. Invest in cyber security training that raises awareness in the workplace of cyber threats and what to look out for, stressing that every employee is responsible for keeping the computer network safe.

You can listen to Joe’s interview below:

Pyranet are a cyber essentials plus certified company, with a team of cyber security specialists who are on hand to answer questions, offer advice and implement a variety of other cyber security services for your business.
Talk to us today if you are concerned about vulnerabilities and ransomware, we are always happy to help.