Most people will come to work this week either already aware of the massive cyberattack over the weekend or about to become aware of it. Some countries like Russia and China were hit particularly hard while others such as the United States were less affected, although that could change Monday.
The computer-system attack unleashed on Friday and over the weekend is a form of what is commonly referred to as “ransomware”: malicious software that encrypts files on computers and computer networks and demands payment to unlock them. There are four steps in a typical ransomware attack.
- It starts with an unsolicited email designed to trick a user into clicking on a link in the email or going to an infected website.
- The next step relies on the ability to exploit flaws in a computer’s operating system to force it to execute the ransomware code.
- If the infection is successful, the user is informed that their files are being encrypted and they need to make a payment using bitcoin, a digital currency, to have the files unlocked. In many cases the amount of the payment escalates with the passage of time.
- Finally, the ransomware makes an attempt to replicate itself and spread to any network it finds. In some examples, the ransomware will remain dormant until the infected machine is attached to a network.
There are a few important things to note.
- The first is that most attacks of this nature are directed towards the Microsoft Windows operating system.
- Attacks are generally designed to take advantage of vulnerabilities after Microsoft has identified the problem and released a patch for it. The attackers are seeking to take advantage of computers that have not been patched with the latest software updates. In this case, hackers had released a tool used by the National Security Agency (NSA) in the United States to hack into computers, and the people behind the ransomware attack took advantage of this knowledge.
So how do you protect yourself against this if you are an equipment rental company? If you review the four steps to a successful ransomware attack, you will note that it requires two key ingredients.
- A decision by a computer user to practice unsafe behavior. Obviously, you should try to educate your users not to click on links in any unconfirmed emails, even if they are from people known to the users. Sending emails from an address book in an infected computer is the quickest way to spread the infection.
- The second is to make sure computer patches are always as up to date as reasonably possible, something not always easy for larger organizations or those without computer expertise.
- If you are running Microsoft Windows computers in your organization, we would strongly recommend you check the update policy on each machine and set them to automatically update as Microsoft releases the updates. At the very least, you should set the update policy to check for updates and alert the user to the presence of new updates.
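One way to check the update policy on a Windows machine, as an added example that is not part of the original article. It is read-only and assumes the policy is stored under the standard Automatic Updates Group Policy registry key; the function name `Get-UpdatePolicyReport` is made up for illustration.

```powershell
# Added example: report the Automatic Updates policy on this machine (read-only).
function Get-UpdatePolicyReport {
    param(
        # Registry key written by Group Policy / local policy for Automatic Updates
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    )

    $report = [ordered]@{
        Computer           = $env:COMPUTERNAME
        Setting            = 'No policy set (Windows default behaviour applies)'
        Action             = 'Confirm in Settings that updates are not paused'
        LastPatchInstalled = 'Unknown'
    }

    $au = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($au) {
        if ($au.NoAutoUpdate -eq 1) {
            $report.Setting = 'Automatic updates DISABLED by policy'
            $report.Action  = 'Enable automatic updates'
        } else {
            # AUOptions values as defined by the Automatic Updates policy
            switch ($au.AUOptions) {
                2 { $report.Setting = 'Notify before download'
                    $report.Action  = 'Minimum acceptable; prefer automatic install' }
                3 { $report.Setting = 'Download automatically, notify before install'
                    $report.Action  = 'Make sure users actually install when alerted' }
                4 { $report.Setting = 'Download and install automatically on a schedule'
                    $report.Action  = 'None' }
                5 { $report.Setting = 'Local administrator chooses the setting'
                    $report.Action  = 'Check the setting chosen on this machine' }
                default { $report.Setting = 'Policy key present but AUOptions not set'
                          $report.Action  = 'Review the update policy' }
            }
        }
    }

    # Most recently installed update: confirms patches are actually landing
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($latest) {
        $report.LastPatchInstalled = '{0} on {1:yyyy-MM-dd}' -f $latest.HotFixID, $latest.InstalledOn
    }

    [pscustomobject]$report
}

Get-UpdatePolicyReport | Format-List
```

A setting of 4 corresponds to the "automatically update" recommendation above, and 2 to "check for updates and alert the user".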
There is some excellent additional information on this specific attack, and on ransomware in general, on the Wall Street Journal website in their article on this topic of cyberware.
So should you consider Microsoft Office 365? Yes, because it removes a significant amount of exposure to ransomware and other malware by ensuring your office productivity tools such as Excel, Word, and Outlook are always at the latest patch levels. Being a cloud solution provider, Microsoft is responsible for keeping its cloud solutions patched. You will still need to patch the local machine and any servers you may have in the office.
If you have any questions about this article or want to find out more about Microsoft Office 365, please contact Malcolm.