The WannaCry ransomware and how it (doesn’t) affect us

By Duncan McArdle, May 15, 2017 | NHS, Technology

There’s been a great deal in the news over the past few days about the already infamous “WannaCry” (AKA “WannaCrypt”, “WanaCrypt0r”, “Wanna Decryptor” etc.) malware that’s spread like wildfire across the world, most notably infecting numerous NHS trusts. You may not already know that Isosec was built from a security background; we have cybersecurity expertise spanning 50 years. With this in mind, we thought we’d let you know just what on earth is going on, how it might affect you, and how it, thankfully, doesn’t affect Isosec (despite the similarities in the name of other companies involved!).

What is it?

First and foremost, we come to the question that’s on most people’s minds: just what exactly is this thing? Well, “WannaCrypt” is a type of malware (malicious software) known as “ransomware”, which is software that will encrypt all of your most important files and folders, and then quite literally hold them to ransom, asking you to make a payment in order to decrypt them for use (paying is, more often than not, the worst possible thing you can do).

Now that the technical jargon is out of the way, a practical example. You receive an email with an attachment. You open this attachment and it runs a program on your computer. This program locks away all of your files with a password you don’t know, and then demands a sum of money in return for that password. Sound bad? It is! Ransomware has been around for many years in various forms, but what’s getting worse is not so much the programs themselves as the way in which they spread.

In the case of “WannaCry”, the evidence thus far suggests that it’s capable of spreading across the entirety of a local network with ease, infecting every other computer on the network that isn’t up to date enough to protect against the vulnerability. Now if the “not up to date” part of that piqued your interest, that’s for good reason…

Staying safe

Whilst the usual security principles come into play here – always run an active anti-virus and keep a malware scanner to hand, don’t open unknown attachments, stay away from unfamiliar websites etc. – there is one that rises above all others in terms of importance: keep your computer up to date. The vulnerability in Microsoft’s Windows product that allowed the “WannaCry” attack to take place was fixed back in March of this year, meaning that the average computer was already safe by the time the attack began. But if you don’t regularly update – and don’t have automatic updates switched on – then you were, and possibly still are, at risk.

How this (doesn’t) affect Isosec

Due to the nature of ransomware, attacks such as these are unlikely to affect us as a company. Our internal security policies keep us out of harm’s reach, and the fact we ship software rather than hardware means we’re not in the crosshairs of these sorts of attacks. But that doesn’t mean we can wash our hands of any responsibility. Instead, it’s important to look at how we can help you to prevent these problems from happening.

Let’s use MIA Maternity as an example. MIA Maternity is completely offline-capable, and while that’s important for midwives who use our software in areas of limited or no connectivity, it’s even more important when a large-scale cyber attack such as this one occurs.

This is because even though the Trust-owned servers that hold the all-important patient data might be compromised, the mobile devices remain functional, with a recent copy of all the patient data required to work. Midwives can continue to work without issue, and patient care isn’t compromised. Better yet, there’s no need to revert to older paper-based backups: midwives can continue to enter data into MIA Maternity, and it will be sent back to the server once the issue has been resolved by the Trust.

 

Here at Isosec we take security very seriously. It’s baked into how we make software, and is something on the minds of everyone here constantly.

Duncan McArdle
