The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Watch What Staff Click - Ransomware Warning

19 May 2017 | Updated 01 January 1970

Colin Tankard says the dust from the ransomware which hit major organisations around the world on Friday 12 may seem to have settled but vulnerabilities still exist in un-patched and legacy systems.

74 countries were affected including not only hospitals but businesses and others too, including Fedex, Honda the German rail systems, universities and national telco, Telefonica.  It would not surprise me if other organisations were affected too but have not publicly declared it.

The malware was delivered through spear-fishing emails which, when opened, triggered a cyber-contagion on the internal network. Being a hybrid design it had a worm element, allowing it to spread through internal systems for maximum reach and effect. What was interesting is that the infected system's settings were scanned to work out the user's language, then displayed the ransom demand in the correct language for the victim. It also changed the desktop backdrop in order to ‘grab’ the victim's attention - no subtlety there!


Getting your fix

From reports it seems the fix was published back in March but as with many patches, some organisations were slow to update. However, this malware also attacked older Windows operating systems which Microsoft had removed support of years ago and are no longer supported. This is why the NHS was so affected.

There are many reasons organisations do not follow the latest software releases but what seems to constantly fail, is the thought process around protecting what you have.

Machines running old versions of Windows can be protected in other ways, such as locking the core of the machine down so no external program is allowed to launch or modify the settings. Creating secure 'communities of interest', where core resources are only accessible to selected user communities and are hidden for all others, including both rogue and good programs. In this way any infection is contained within the community but if an infection occurs outside of the community, the internal community remains safe.

This process requires greater control of users and resources but we often see organisations that are so poorly organised that users have access rights to data or services they really should not have. This is not only a privacy issue it also means that a breach can quickly compromise the entire network.



The main problem with the hack we saw over the weekend is it that it was brought in by users clicking on a link or being duped into thinking the message was genuine. It falls on the organisation to protect and educate the user but far too often this does not happen. This is where facilities managers can bring their weight to bear.

User education needs to be ongoing to enforce company policy on data handling or website visits. We have seen an 80% fall in user bad practice when monitoring software, which prompts the user if they are about to breach a company policy, is installed. This is because the majority of users do not mean to do ‘bad things’ but sometimes they simply forget, once reminded they quickly learn.


Ticking timebomb

A second issue is that most malware can stay on the system for up to 200 days before it is triggered. This brings into question how long back-ups should be held for, as most organisations, at best, keep a back up for a month. What is needed is for monitoring of the core system attributes to look for anomalies, those subtle changes in the systems operating system which are changed by malware, viruses worms etc. and to alert the system managers of the threat. These checks can even automatically quarantine or ‘fight off’ the infection before it takes a grip. This means you don't wait 200 days to know there is something afoot.


Stable door

Those who have been infected by this malware will no doubt be rapidly downloading the patches and fixes, ‘shutting the door’ and locking everything down.

All businesses should ensure security patches are up to date and ‘kill off’ SMBv1 at the very least, block access to it from outside your network. It's understandable that IT managers with annoying corporate policies and heavy workloads have been forced to hold back patches or are unable to apply them.

My advice - update your installations, drop everything and get patching and do something about your users and their random clicking on attachments or links!

By Colin Tankard, MD, Data Security Company, Digital Pathways

Article written by Colin Tankard | Published 19 May 2017


Related Articles

WannaCry - Don't...Just Learn the Lessons

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus. There...

 Read Full Article
Phishing Docs and the Digital Signature?

Protecting digital documents and being able to verify that the sender of a file is, in fact, who they say they are, is fast becoming a major concern for many...

 Read Full Article
One in Ten Brits are Victims of Cyber Fraud

Research of over 10,000 consumers has revealed that one in ten people have been a victim of cyber fraud whilst not protected by cybersecurity software. Meanwhile, more...

 Read Full Article
Ransomware - the Protection Racket

ThisWeekinFM has been making a racket about Cyber Security because vulnerabilities are exploited at a personnel and personal level - where FM's should have some...

 Read Full Article
Ransomware - Universities and Students Under Attack

63% of British universities who responded to a Freedom of Information request made by SentinelOne, admit to being the target of a ransomware attack. Over half, 56%,...

 Read Full Article
Sage Stuffing - Alleged Fraudster Nabbed On the Wing

According to massive international payroll and accounting software firm Sage, which now offers nearly all of its services internationally via the cloud, unauthorised...

 Read Full Article
Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
McDonalds Security Contractor In 'Remove Your Hijab' Scandal

Thursday evening, November 30, McDonalds Restaurants discovered the hard way that a relationship with a contractor - in this case, employing cheap, untrained security...

 Read Full Article
If Dolly Can Be Hacked, What About The Hand Dryer?

  Connected toys with Bluetooth, wi-fi and mobile apps may seem like the perfect gift for Christmas. But Which? has found that, without appropriate safety...

 Read Full Article
Employment Tribunal Fee Refunds Leads To System Being Overrun?

The opening stage of the Employment Tribunal fee refund scheme has been launched with the first people eligible to apply from now. The first stage of the phased...

 Read Full Article