WannaCry Ransomware and Schools

With the NHS still reeling from arguably the biggest ever ransomware attack, it is perhaps a good time for schools to consider their cybers-security arrangements. Back in January, I wrote a blog post about a particular way in which some schools had been targetted. You can see the original post here.  The virus involved in the January examples may or may not have been the same WannaCry virus that is currently plaguing the NHS. The mechanism for introducing the virus into the NHS computer system may well have been different from that described in the January article. But the does not matter! What does matter is that ransomware viruses are preventable and that at your school you start taking appropriate measures to protect your systems and data.

There are two strands to preventing ransomware attacks on your data: technical and human.

The technical strand involves keeping your windows software up to date.You don't have to move to the latest Windows version as soon as it is released but continuing to run a version that is no longer supported is dangerous.  It's dangerous because Microsoft stops providing patches and updates for its older operating systems. Microsoft stopped supporting WinXP and Vista three and two years ago respectively. So if you are still running either of these operating systems you should be very worried and be looking at upgrading your OS!

If your OS is still being supported (Win 7, Win8, Win 10) your machine should be receiving regular automated updates. These automated updates are your best line of defence against ransomware. Ransomware is designed to exploit vulnerabilities in your operating system. Windows updates remove these vulnerabilities by applying 'patches' or fixes to the software. But it is possible to turn updates off. Sometimes people do this because updates take up disc space and are often believed to slow the machine down. If your machine's spec is high enough for the OS there shouldn't be a problem wit the updates. And remember, a slightly slower machine that you can access your data on is better than a fast machine that has trashed all your files! Make sure that your machine is receiving automated updates!

If your PC or laptop's OS doesn't have the latest fixes it is vulnerable to all sorts of viruses and malware attacks but it has to get infected. The WannaCry ransomware virus will have reached individual machines on the NHS network via one of a number of possible routes: transferred from an external drive (memory stick, external hard drive), downloaded from a website or activated by some unsuspecting person clicking the infected link in an email. 

Now if you never connect to the internet (not even for email or the iPlayer), if your machine is not part of a network,  and you never plug in any form of external media (memory sticks, external drives etc) you can stop worrying! A truly isolated machine is absolutely safe from viruses. But these days we are rarely offline let alone unconnected. We send and receive files via email, we open emails and follow links, we download free apps, music and videos all of the time.

So all the cybercriminal needs to do is to send us an email with a link to a virus or disguise the virus in a seemingly harmless file or software download. As described in the January article, sometimes they'll go the extra mile to ensure that we accept their download or open the email.

Ransomware attacks rely heavily on human behaviour. Someone needs to click a malicious link or open a malicious attachment to trigger the attack. So first and foremost, be vigilant. Learn to spot phising emails and potential ransomware attacks.

  • Is the email from a known sender?
  • Are you expecting the email/attachment?
  • Is the email address suspicious? i.e. from: Kathy Smith<KS3456864927t.com>
  • If you are asked to click a link again does the URL look suspicious? i.e. URL www.lloydsbank/45678tyr.com
  • Are there grammar or punctuation errors that you wouldn't expect?
  • Test the link at https://global.sitesafety.trendmicro.com/ 

And make sure that everyone who uses you machines knows this stuff! Raise it at your next staff meeting, talk to admin and other non-teaching staff, check that your OS is supported and regularly updated. Make sure that pupils are aware too - it will help protect your system and help to keep them safe from potential ransomware attacks at home.

 National Cyber Security Centre website has general advice on protecting your organisation from ransomware and the latest guidance on the WannaCry ransomware 


Latest from the Blog