What is behind the scenes? How can this hurt us?
Last weekend the 61 organisations in the NHS were the victim of a ransomware attack.
So a customer asked us: is my business at risk?
The simple answer is yes to a degree: we all are. Here is why and here is how to insure against it.
This attack used an “accidental” loophole that (I say this for legal reasons) in my educated opinion was put in Windows XP by Microsoft under orders from the US Government. It was for spying or other military purposes. Microsoft had to keep it there. It’s why it remained and Microsoft issued a statement (see link below).
It’s also why there was a “kill switch” which was found “by accident”.
About 2 months ago a set of “tools” as they are known were leaked. These tools make assembling such an attack about as complicated as assembling toy bricks in the wrong hands.
The bad guys are just in it for the easy money and that’s a good thing. If they were more skilled or dedicated, they would have analysed the code, removed the kill switch and (as is sure to happen sometime soon) re-released the attack. It is simpler, much much easier just to assemble the code blindly. This option has been around for probably over 15 years. Greed meant that the attack was built without any in-depth analysis at the lowest possible cost in effort. It would never have happened if Alan Turing was in charge.
So now we all know about it. IT specialists have zipped up the loophole. What can we do for the future, the next attack?
Added value applications has been in business for nearly 20 years and never (to date) suffered from a cyber-attack or virus.
When we had notice of the attack, I instituted a check of all our defences. We have three layers of defence. We (purposely) have systems with all flavours of windows and apple operating systems.
Some years ago we decided to move our services to the web. They are now there. If you are using our services and your computer gets hit (or just simply breaks) all you do is use another. You get it repaired, replace or reset (known as reformatting) and carry on without hardly skipping a beat.
Your data is a safely stored away at Microsoft’s data centre in the UK. Microsoft are constantly under attack and as a result are the hardest target to dent, They have the state of the art defences in place and as they designed and added the loophole in the first place (for everyone else) you can be sure they will have plugged it to stop it being used against them.
Global cyber-attack: How roots can be traced to the US
Microsoft statement: The need for urgent collective action
"Accidental hero" halts ransomware attack and warns: this is not over