NHS cyber attack: How to protect yourself against ransomware

Installing new patches and computer updates, avoiding dubious websites and downloads, and backing up important files are key steps

Ian Johnston
Saturday 13 May 2017 11:13 EDT
Comments
Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin
Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The risk of being infected by ransomware can be reduced significantly by taking the usual computer security steps, such as ensuring patches and updates are installed as they are released by software firms.

According to the National Cyber Security Centre, an arm of intelligence agency GCHQ, the hackers will exploit vulnerabilities in operating systems, web browsers, plug-in and application that have often been known about for some time.

“Software providers will have made patches available to mitigate them. Deploying these patches, or otherwise mitigating the vulnerabilities, is the most effective way of preventing systems being compromised,” the NCSC’s website says.

“However, as well as patching the devices used for web browsing and email, it's important to patch the systems they are connected to, since some ransomware is known to move around systems, encrypting files as it goes.”

The centre also suggests companies, which tend to be targeted for ransomware, should prevent staff from installing software on their computers without authorisation from an administrator.

“Remember that users may sometimes legitimately need to run code that you have not pre-authorised; consider how you will enable them to do this, so that they are not tempted to do it secretly, in ways you can't see or risk-manage,” it suggests.

​Websites should also be filtered so that people will not click on a site that could contain the virus.

The effect of a successful ransomware attack can also be reduced by restricting access to parts of the company system to those who need to use them.

“Good access control is important. The compartmentalisation of user privileges can limit the extent of the encryption to just the data owned by the affected user,” NCSC says.

“Re-evaluate permissions on shared network drives regularly to prevent the spreading of ransomware to mapped and unmapped drives.

“System administrators with high levels of access should avoid using their admin accounts for email and web browsing.

“Ransomware doesn’t have to go viral in your organisation; limit access to your data and file systems to those with a business need to use them. This is good practice anyway and, like many of the recommendations we make here, prevents against a range of cyber attacks.”

It also recommends having a secure back-up of files on machines that are not at risk of ransomware.

Anyone suffering a ransomware attack or online fraud can contact Action Fraud at www.actionfraud.police.uk.

“It is a matter for the victim whether to pay the ransom, but the National Crime Agency encourages industry and the public not to pay,” the NCSC says.

The centre also runs a commercial scheme called Cyber Incident Response, where certified companies provide crisis support to affected organisations.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in