In view of last week’s events which highlighted the constant risk posed by hackers and cyber-attacks (http://www.bbc.co.uk/news/health-39899646), we thought that now was a great time to offer a few tips to help guard against this ever-present risk.
However, before we offer our own tips on tightening your online security, we would like to address the specific threat from the ‘Ransomware’ which crippled many systems last Friday and would like to direct anyone who feels the could potentially have been compromised to read the information from United Hosting below.
“We strongly advise our customers to apply the following security update, released by Microsoft on March 14th this year: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396 , if not having done so already.
Overview of risk
Microsoft have announced a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) server today. This service (SMB) is utilised to present shares, printers and more on a Microsoft Domain network.
This vulnerability exposes core Active directory components to Remote Code Execution from unauthenticated attackers. They would be able to execute any code they wished to potentially gain access to the entire network. The patches Microsoft have provided should be tested installed as a matter of urgency.
Specific Security reports of the Common Vulnerabilities and Exposures (CVEs) are below –
|Vulnerability title||CVE number|
|Windows SMB Remote Code Execution Vulnerability||CVE-2017-0143|
|Windows SMB Remote Code Execution Vulnerability||CVE-2017-0144|
|Windows SMB Remote Code Execution Vulnerability||CVE-2017-0145|
|Windows SMB Remote Code Execution Vulnerability||CVE-2017-0146|
|Windows SMB Remote Code Execution Vulnerability||CVE-2017-0148|
The released patches target the SMBv1 service and the way it handles the particular requests that can be used to exploit it.”
How does the virus spread?
One of the key questions regarding this attack is how did it manage to spread so quickly?
There are 3 primary methods of entry for Malware to a computer. These are:
- Opening attachments or clicking on links in phishing emails
- Downloading legitimate-looking
- Visiting a malicious site (particularly if you are using outdated software, browsers etc)
Please Note – If an infected computer is hooked up to a network, the virus can then spread to other connected computers.
Is It Possible To Protect My Computer From The Ransomware Virus?
Many of the users who were affected were still using outdated versions of Windows such as Windows XP which was no longer receiving security updates from Microsoft.
If you are using an older version of Windows, we would recommend upgrading your operating system ASAP.
Microsoft’s current operating system is Windows 10. Two slightly older versions, Windows 8.1 and Windows 7, are also still available.
Am I Safe If I Have a More Recent Version of Windows Installed?
Even if you have a more recent version of Windows on your PC, we strongly recommend downloading all of the most recent updates and security software to increase your ability to guard against these threats.
The security patch that Microsoft released in March, named MS17-010, can be found online.
Windows 10, 8.1 and 8 all include Microsoft’s Windows Defender antivirus software as standard and this can be effective against many types of malware and ransomware. If you are still using Windows 7, downloading Microsoft’s free Windows Security Essentials software can be beneficial.
What to do if your computer is infected?
The National Crime Agency (NCA) encourages victims not to pay any ransom and to contact Action Fraud.
Further information and support can be found on the NCSC website.
They also recommend the following steps:
- Run Windows Update
- Make sure your antivirus product is up to date and run a scan – if you don’t have one install one of the free trial versions from a reputable vendor
- If you have not done so before, this is a good time to think about backing important data up – you can’t be held to ransom if you’ve got the data somewhere else.
If you would like to put your website in the hands of a company who will take it forward, please contact Footprint Web Design on Tel. No. 01883 372488 today.