What can we learn from the WannaCry ransom ware attack..?

Ransom ware screenThe WannaCry (WannaCrypto2) ransomware attack that crippled the NHS in the UK and locked up more than 230,000 computers in 150 countries, and demanded a payment of US$300 each, in 28 different languages, to unlock them, was wholly and easily preventable.

By anyone who owns a computer.

The attack was successful because the computers that were locked up were operating on out-of-date software.

The flaw in Windows that allowed the WannaCry attackers access to all those computers was patched by Microsoft in March, two months before the attack took place.

Computer owners and system administrators had simply failed to update their systems, or were running software so old it was no longer supported.

And the cost of fixing the problem will be many hundreds of times more expensive than the cost of keeping the software up to date in the first place.

Although this attack affected computers, rather than websites, the principles that I have written about so often are absolutely applicable in both cases:

  1. Keep all your software absolutely up to date
  2. Backup everything at least once a week

All websites under our management are backed up at least once a week, more often if any changes are made, and the backups are stored off site (on our off-line storage). My computers are fully backed up once a week, and the backups (one data backup and one system backup for each machine) are stored on our off-line storage.

I’m not being smug here, I’m only illustrating the benefits of a disciplined approach to managing your systems: If my system had been affected, and no one could ever guarantee that it would not have been, I would simply have re-formatted the Hard Drive and restored my system and data from the latest backups.

The NHS was the highest profile victim of this attack and it was crippled. Procedures had to be cancelled, no records of any type were available, ambulances had to be diverted, NHS staff had to resort to using their mobile phones and making notes with pencil and paper in order to carry out their duties as best they could.

Attacks like these can be devastatingly effective and, in the case of the NHS, could possibly have caused loss of life. Thankfully, nothing like that has been reported.

Again, the two principles that would have protected the victims of this attack:

  1. Keep all your software absolutely up to date
  2. Backup everything at least once a week

For some information on how Abledragon can help to protect your website against cyber-attacks and keep your business online please:

Stay safe,

Martin Malden

About the author: Martin Malden owns Abledragon, a WordPress agency that was established in 2009. Today it serves customers in Hong Kong, Australia and the UK. Abledragon websites are built for today’s Internet, with the mobile user in mind, and are known for security and speed. Successful Abledragon projects.