What is ransomware… and what the NHS should have done…

By | May 22, 2017
This content is 3 years old. Please, read this page keeping its age in mind. Thank you.

I had been thinking about telling you something else about QR codes today – but I think with all the fuss you’ve probably seen about the “ransomware” that’s affect the NHS and others, I should explain a bit about what’s going on and what you need to do.

First of all, what is “ransomware”?
It’s a kind of program that’s designed to lock your computer, tablet or smartphone. Some types stop you using your device at all, some just stop you having access to your files (photos, documents or whatever).

Then a message pops up on your screen saying that your files are locked and you can’t get at them unless you pay a ransom to the hackers who wrote it.

In some cases you can get rid of it without paying the ransom – but not always.

So how does it get onto your computer (I’ll just say computer but it could also be tablets or smartphones)? Well, there are umpteen different ways – the most common is either if you download something that turns out to be dodgy, or opening an email attachment that contains something dodgy. They can also often then spread to other computers on the same network, so if it gets into one computer in a system like the NHS’s, then it can very quickly be on nearly all of them

What about if you have a backup of the data?
If you have everything that’s on your computer properly backed up, it shouldn’t be so bad. You might possibly have lost access to your computer, but you can put the backup onto another computer – a new one, a friend’s or if it’s happened at work, onto an unaffected work one.

The problem comes with the way some backups work. When you’re planning a backup you might think “I don’t want to have to plug a separate drive in, I want to be able to back everything up automatically. So I’ll have something connected all the time that automatically has a backup. But I’ll keep it separately, maybe connected by the internet. That way if the main computer fails or even if it’s destroyed in a fire, I’ll have a backup.”

The problem with that is if the main computer gets attacked by ransomware, it’ll also be able to attack the backup, because they’re both connected. You need a backup that’s completely separate – what they call “an air gap”, so there’s no connection between the backup and the main system after you’ve taken the backup. Sadly, not many organisations do this.

So how can you protect against things like this?
Well, there are two methods – only one is really viable for normal people at home.

The first method (that isn’t really viable for most people) is to have your network completely unconnected from the internet and the outside world. If it isn’t connected, it can’t be attacked. (A lot of the recent issues came about from dodgy emails, so if you don’t have email, or at least don’t have email outside of your system, that couldn’t happen.)

It’s harder than it sounds, though. It’s easy to just have a network that isn’t connected to the internet. But what about USB drives – if your PCs have USB drives, someone could innocently plug in a pen drive/memory stick that they’ve used at home… and if their home PC is infected, that’ll now infect the network. And since it wasn’t connected to the internet, you probably won’t have un to date anti-virus/security software on it.

And it’s not much use at home if the point of having a PC is to access the internet!

The other way is to keep your operating system (eg Windows) up to date and keep your security software up to date. If you have Windows updates turned on, that’ll take care of the first part of that as long as you’re using an up to date version of Windows itself (7, 8 or 10).

Sadly, it looks like parts of the NHS are still using Windows XP (they should have read my newsletters – I’ve been saying using XP online is a bad idea for years!) and that means even with up to date anti-virus software, you just aren’t properly protected.

Worse, there was an update back in March that would have protected against this very attack. And it wasn’t installed – at least not on all NHS computers.

Lots of people are getting very het up about the fact that the NHS are still using Windows XP. And that’s fair enough – as I say, I’ve been telling people not to use it online for ages. But they’re not the only ones, by any means. And it was already public knowledge that they were still using it.

Still, hopefully it’ll be a good push to any organisations still using XP, or who don’t have updates happening automatically, to sort their systems out. And if you’re using XP, well, at least now you know some of the risks – and if you do carry on using it on the internet, for goodness sake don’t use it for bank details, paying by credit card or anything like that. But really, I wouldn’t recommend it for on the internet at all.

Sadly, I’m not sure whether it will make people take it seriously. As long ago as 2014 the Government were reminding hospital trusts to move away from Windows XP and even offering funding to do so – but lots didn’t. Then in September of last year a security company took them to task for still using XP – and several of the hospital trusts brushed concerns away, saying they were properly protected. Then in January of this year a London Hospital Trust was hit by a ransom-ware attack, similar to this one (but smaller) – and still they haven’t learnt. Let’s see if they do now!

Watch out for this later today…
Phew – all that talk about scary ransomware might leave you thinking it’ll be hard to get to sleep… well, that gives me a neat way to lead into mentioning to look out later today for an email from me.

At 11am (UK time) today, I’ll be launching “Sleep – Cutting Through the Claptrap: What everyone should know about Sleep, why it matters and how to get a good night’s rest

I’ll let you know more about it – what it covers, why I think this is so important and how to get hold of a copy.

Keep an eye out for my email at eleven!

2 thoughts on “What is ransomware… and what the NHS should have done…

  1. Norman Bilston

    I got a ‘ransomware’ notice 4 wks ago, I was told to ring a certain N° or I’d lose my files & data within the next 5 mins. – I immediately severed my connection to the internet & tried to shut down my computer but couldn’t, it was ‘frozen’ so I crashed it manually. I signed in again an hour later but the message was still there, so I manually switched off again and left it off overnight. The following morning when I signed in again the message was still there so in desperation I pressed CTRL & ESC together rapidly 8 or 9 times & the message immediately vanished & my computer started working normally! I immediately ran a full scale security scan on line & another off line, nothing was found, Phew!!! When I told my local IT friend, he couldn’t ‘fathom’ it either.

    Reply
    1. Tim Post author

      Phew indeed! Sounds lucky. I suspect what you might have had is an attempt by someone who didn’t bother (or didn’t know how) to create a real piece of ransomware but who wanted to try it. SO they made something that looked like it and would come up every time you turned your PC on – but didn’t really lock it down properly at all.
      Thinking about it, this would be pretty easy to do – much easier than actually doing what the real ransomware did. And most people wouldn’t be able to tell the difference.
      Luckily you didn’t give in and ring the number and pay the ransom – good work!
      Tim

      Reply

Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *