Cyber Alert – WannaCry Ransomware

    Last week and over the weekend, critical service businesses and healthcare facilities were victimized in more than 150 countries worldwide. Canada seems to have been spared but most cyber security malware experts believe this to be a fluke. More than 200,000 computers were victimized. Ransomware or malware is so prolific that it is only a matter of time before Canadian companies are targeted.

    A UK malware researcher found a flaw in the WannaCry program code. He essentially developed a type of “kill-switch” that had some effect in slowing the spread of the virus. However, variations of the malware were discovered that did not have the flaw. Attackers are expected to improve the code, making your computer system vulnerable to attack.

    WHAT HAPPENS WITH WANNACRY RANSOMWARE?

    In this case, WannaCry is a form of malware that:

    • Takes control of your computer (kidnaps your system);
    • Locks you out;
    • Secretly encrypts your files with a robust encryption program; then
    • Demands a ransom to release your computer system back to you.
    However, just as in a kidnapping, there is no guarantee your system will be released or restored to you after you pay the ransom.

    WHAT CAN I DO TO PROTECT MY SYSTEM?

    On March 14, 2017, Microsoft released a patch for current operating system versions that should prevent the WannaCry malware from infecting your system. Over the weekend, because of the extent of the attack, Microsoft also released patches for discontinued operating systems that are no longer supported, including Windows Server 2003 and Windows XP.

    To mitigate the risk of becoming a victim in the future, take these simple yet effective steps:
    1. BACK UP, BACK UP, BACK UP. Ensure you fully back up all your systems daily with effective and appropriate software that contains an integrity check. Ensure your backup system is independent of your computer system and disconnected from it when not in backup mode;
    2. Ensure Windows is kept continually updated. If “Automatic Updates” is not enabled on your computer system, go to “Windows Update” (usually in your Start menu) and run available updates;
    3. Ensure you have installed a powerful and up-to-date anti-malware program on your system;
    4. DO NOT OPEN any email attachments you are not expecting, and do not click on ads or links on websites you are unfamiliar with;
    5. Do not connect your system to unsecured networks nor allow USB sticks or thumb drives from unknown sources to be used in your system.
    The bottom line is BE CAREFUL. If in doubt about an email that may appear to be a phishing attempt, delete the email immediately and contact your IT people.

    WHAT DO I DO IF I DISCOVER I’M A VICTIM?

    It is estimated that during 2016, 80% of businesses experienced a cyber attack. Knowing what to do is critical to a full recovery from an attack, whether it comes from a hacker or a disgruntled employee. If you discover or suspect you are a victim, the following are some critical steps that may be useful to mitigate your risk and assist in bringing your business operation back online:
    1. Alert your IT department or let the person who manages your network know that you suspect you’re a victim of a malware attack. DO NOT FORWARD OR REPLY TO THE MESSAGE OR ENGAGE THE HACKER IN ANY WAY;
    2. Unplug the affected computer from your system to isolate the ransomware/malware and prevent the virus from spreading to other computers and crashing your system. Disengage your Wi-Fi if you’re on a wireless network;
    3. Begin and continue keeping a record of your actions and observations, including time and date, to assist the computer forensics team to recover your system;
    4. Notify senior management who will engage the Crisis Management Team to activate the Incident Response Plan (IRP). If you do not have an IRP, it is well worth the effort to take the time to develop one before an incident occurs. Developing an IRP after an incident is akin to the fable of closing the barn door!
      • Contacts, contact numbers and other actions such as engaging legal counsel, calling your insurance agent, activating your privacy policy, communicating with the Board, employees and police, engaging computer forensics professionals and activating your backup and Disaster Recovery Plan are all part of your IRP. Be sure your IRP is up-to-date.
    About the author:
    Earl Basse is a local security consultant who, after a successful career with the RCMP, moved into the forensic investigation and corporate and cyber security world of the private sector. His extensive expertise in forensic investigations, corporate security and emergency management is well-known in the industry. He focuses on mitigating the risk organizations face in their day-to-day operations by leading them through the complex development and implementation of a Master Security Plan to protect their valuable assets. As a CPA, Earl brings his accounting and financial skills to the table to ensure cost-effectiveness in developing these plans.
     
    For additional information contact Earl at 587-486-8102 or by email at ebasse@telus.net
