Cyberattack: Workers told to be extra vigilant as they return to desks on Monday
Businesses warned of out-of-date software, as victims are urged not to pay ransoms
A programmer shows a sample of a ransomware cyberattack on a laptop. Photograph: EPA
Cybersecurity experts have warned businesses to beware of potential ransomware attacks when logging onto their computers on Monday morning and not to open unknown email attachments or click on links if they are unsure of the source.
Pat Moran, the partner who leads PricewaterhouseCooper’s cyber practice in Dublin, said there was a real risk that the WanaCryptor ransomware would claim more victims – following a major worldwide attack on Friday – once workers return to their desks after the weekend.
Mr Moran said PwC didn’t want to scaremonger, but there was a possibility that the ransomware had yet to be detected on some corporate networks. “That is why the advice would be to be extra vigilant.”
The head of the European Union’s police agency Europol, Rob Wainwright, warned of an “escalating threat” from the malicious software, also known as WannaCry, and said the victims tally could grow on Monday.
The cyber attack, which badly affected the UK’s National Health Service (NHS), forcing the cancellation of operations and appointments, had hit 200,000 victims in at least 150 countries by Sunday morning.
So far, Ireland is understood to have been largely unaffected by this particular ransomware attack, although RTÉ reported a suspected attack on a healthcare facility in the southeast. The Wexford facility was not part of the Health Service Executive (HSE) and was not using its IT network.
Ransomware works by encrypting files on infected computers and demanding a sum be paid in exchange for a password, which then allows the owner to regain access to their data. The particular ransomware deployed on Friday instead took advantage of a known security weakness in older versions of Microsoft Windows and spread fast.
Organisations running older versions of Microsoft’s software were the ones that fell victim to the attack.
“They are more vulnerable and the criminals know that,” Mr Moran said. “They are a bit like the house thief who will target a house that has an easy way into it and doesn’t have an alarm.”
Mr Moran said it would be “prudent” for organisations to install critical Microsoft security updates, or patches, before the start of the business week.
These were released by Microsoft for newer operating systems in March, while the tech company took the unusual step at the weekend of issuing a fix for older software, such as Windows XP and Windows 8, that it previously stopped supporting.
PricewaterhouseCoopers cautioned against treating cybersecurity purely as a matter for IT staff. Cybercrime must be treated as a key business risk by the most senior executives, Mr Moran said.
“When the proverbial hits the fan, and organisations lose access to business plans, payroll data and information about their best customers, and that all becomes publicly available, it’s not the tech guys who will be in the papers, and in front of Oireachtas committees, it’s the CEOs,” he said.
PwC advises its clients to not pay the ransoms sought by hackers unless there is a threat to life. “Doing so fuels the ransomware economy, funding the development of additional ransomware techniques and campaigns,” said Mr Moran.
He added that PwC was aware of cases in Ireland where small businesses have paid ransoms so that hackers would unlock rather than delete their files.
“It is no secret that a number of organisations, particularly in the SME sector, have paid ransoms. These are four-figure or five-figure sums, which for an SME is quite a lot of money,” he said.
“They pay because they feel they have no other choice. They might be unable to access their payroll systems or transact with consumers, so they make the decision to pay and resume business as quickly as possible.”
Frequent systems back-ups are vital for organisations that do not want to be at the hackers’ mercy in the event of an attack, as back-ups allow for files to be rapidly restored without the payment of a ransom.
Erik O’Donovan, Ibec’s head of digital policy, said on Saturday that the business group was liaising with the Department of Communications to monitor the situation for Irish businesses.
Ibec called for funding for the National Cyber Security Centre, which received extra funding in Budget 2017 and is due to move to the UCD campus, to be “increased significantly further” in light of the escalated threat.