NHS cyber attack: How to protect yourself against ransomware

Installing new patches and computer updates, avoiding dubious websites and downloads, and backing up important files are key steps

Ian Johnston
Saturday 13 May 2017 16:13 BST
Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin
Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin

The risk of being infected by ransomware can be reduced significantly by taking the usual computer security steps, such as ensuring patches and updates are installed as they are released by software firms.

According to the National Cyber Security Centre, an arm of intelligence agency GCHQ, the hackers will exploit vulnerabilities in operating systems, web browsers, plug-in and application that have often been known about for some time.

“Software providers will have made patches available to mitigate them. Deploying these patches, or otherwise mitigating the vulnerabilities, is the most effective way of preventing systems being compromised,” the NCSC’s website says.

“However, as well as patching the devices used for web browsing and email, it's important to patch the systems they are connected to, since some ransomware is known to move around systems, encrypting files as it goes.”

The centre also suggests companies, which tend to be targeted for ransomware, should prevent staff from installing software on their computers without authorisation from an administrator.

“Remember that users may sometimes legitimately need to run code that you have not pre-authorised; consider how you will enable them to do this, so that they are not tempted to do it secretly, in ways you can't see or risk-manage,” it suggests.

​Websites should also be filtered so that people will not click on a site that could contain the virus.

The effect of a successful ransomware attack can also be reduced by restricting access to parts of the company system to those who need to use them.

“Good access control is important. The compartmentalisation of user privileges can limit the extent of the encryption to just the data owned by the affected user,” NCSC says.

“Re-evaluate permissions on shared network drives regularly to prevent the spreading of ransomware to mapped and unmapped drives.

“System administrators with high levels of access should avoid using their admin accounts for email and web browsing.

“Ransomware doesn’t have to go viral in your organisation; limit access to your data and file systems to those with a business need to use them. This is good practice anyway and, like many of the recommendations we make here, prevents against a range of cyber attacks.”

It also recommends having a secure back-up of files on machines that are not at risk of ransomware.

Anyone suffering a ransomware attack or online fraud can contact Action Fraud at www.actionfraud.police.uk.

“It is a matter for the victim whether to pay the ransom, but the National Crime Agency encourages industry and the public not to pay,” the NCSC says.

The centre also runs a commercial scheme called Cyber Incident Response, where certified companies provide crisis support to affected organisations.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in