Windows XP Global Ransomware Attack

May 2017

Windows Ransomware Attack

The largest cyber attack in NHS history, which took place over the weekend, has again highlighted the very real threat facing both private and public sector organisations. At the time of reporting, NHS officials were still unable to say whether patients’ records had been destroyed or compromised. Experts at GCHQ’s national cyber security centre were said to be helping NHS teams fight the attack. The particular target for this attack is the Windows XP operating system.

According to Microsoft’s website,  “After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP.  Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer.  PCs running Windows XP after April 8, 2014, should not be considered to be protected…”. 

However, following the recent cyber threats, Microsoft appears to have reconsidered the impact on its legacy products, taking what it describes as a “highly unusual” step of providing public patches for Windows operating systems that are in custom support only. This includes specific fixes for Windows XP, Windows 8, and Windows Server 2003; please see the links below. Windows XP still held 8.45% of the desktop market share as of February 2017, making it the third most popular desktop operating system. Microsoft estimates the total number of Windows users at more than one billion, which means that tens of millions of computers would potentially remain at risk without the corrective steps taken above.

Who is responsible?

This vulnerability has been exploited by groups said to be connected to Russian organised criminal gangs, although it has not been confirmed who exactly is responsible. GCHQ and other western law enforcement agencies are endeavouring to disrupt the worldwide network of computers being controlled by criminals to steal personal financial details and other sensitive data. For example, in 2014, GOZeuS malware (also known as P2PZeuS) was said to be responsible for the fraudulent transfer of hundreds of millions of pounds globally, with a number of well-publicised, high-profile attacks. Recent intelligence has suggested that more than 15,500 computers in the UK are currently infected, with many more now potentially at risk following this latest incident.

Protecting your IT Systems

Bold users are well aware of the critical threats to their IT infrastructure, particularly because remote monitoring systems need to access networks. The serious consequences of a breach are a significant threat to the operations and reputation of a security monitoring service provider. There are some basic steps which can be taken to help avoid falling victim to a cyberattack:

♦  Keep OS patches up to date on ALL servers and desktop PCs

♦  Check that antivirus software is installed and properly maintained on all servers and desktop PCs, and ensure scans are run regularly

♦  Ensure staff do not open email attachments unless they have first checked with the sender that they are safe to open

♦  Educate computer users about IT security risks and safe internet browsing practices

♦  Download and apply Microsoft security updates to all servers and PCs. These can be found at one of the following two links; please identify the one which is relevant to the version of your operating system:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ 

For those organisations which ignore the threat posed by criminal cyber activity, there is a high possibility of falling victim.  Bold provide a CloudCare managed protection service which has proved popular since its launch at the beginning of 2017 and is available to all organisations seeking to protect themselves.   

Bold Communications works closely with its specialist IT security partner, AVG, to provide a centrally managed CloudCare service for servers and PCs to safeguard systems from malicious attack. The service includes antivirus protection, concealed threat removal and automatic backups in the cloud. Although no antivirus program can ever provide 100% protection against the thousands of new pieces of malware being produced every day, these steps, together with the need to exercise common sense and physical protection procedures, can establish a robust defence against ongoing threats.

For more details, please contact Bold on 01925 713224 or info@boldcommunications.co.uk

Updated Tues, 16th May 2017