After being hit by two massive and multiple dire cyber-attacks, it is high time to learn some lessons about cyber security. The WannaCry ransomware made organisations like the British NHS cry, and the latest one, Petya, simply locks data irreversibly. So what can we learn from these events?
A few years back, ransomware used to be pretty stupid and its targets were mostly home users and individual systems, but it has got a lot smarter and its primary targets are now business organisations. First, because businesses naturally have deeper pockets than individuals; second, because they mostly hold crucial data that the owner will not want to lose, which makes them an easy target to squeeze money out of; third, because business systems are generally connected to networks, which means an easy breach of an entire network! This is not likely to change any time soon and it is a threat to anyone’s business, so let’s learn the lessons from the ransomware attacks.
The first lesson – Paying off crooks is always a bad, bad idea. Paying money will not ensure that your data is retrieved; you simply cannot trust criminals – that is common sense. Also, paying the bad guys will encourage them to repeat the same trick, which means the ransomware problem gets bigger for everyone. We surely don’t want that, right?
Lesson number two – Just because you aren’t a high-profile target doesn’t mean you won’t get hit. It’s too early to be sure, but it’s entirely possible that Petya was aimed specifically at Ukrainian industrial targets and spread much further than its makers expected. So if you are thinking, “Eh, I am not in Ukraine, so why worry?” – well, you are wrong, because you really never know. Also, these ransomware strains have worm-like capabilities, so just not clicking on unknown links ain’t gonna save you from the jolt.
Number three – Always have your data backed up; you don’t know what you had until it’s gone. It is always a good idea to have a duplicate of your business database or the critical data of your organisation.
Fourth – Don’t ignore the patches! There was a patch available for the vulnerability months before it was used to such destructive effect in WannaCry, but we all ignored it. Although patching systems is a tedious job, those patches will make sure that the attacks don’t break anything else inside a business.
The last one – It happened once, it will repeat. WannaCry may have died (for now) and Petya may be sluggish (for now), but this is surely not going to be the last ransomware crisis the world sees. There are plenty of flaws in software to exploit and plenty of greedy criminals around willing to make money from ruining someone’s day. Just make sure it isn’t yours.