Sally Latimer-Boyce

We all know the NHS have been badly affected by Ransomware, but the question on everyone's lips is "how did it happen, and will I be next"?


The first thing I would say is DO NOT PANIC! Malware of this kind has been doing the rounds for years - it is only these recent high-profile cases that have led to heightened public awareness and a major media frenzy. That's not to say this isn't serious though - it is, and we all have a role to play if we are to eradicate this malicious tool.


If you are a client of Serendipiti, then the likelihood is you are already enjoying the merits of HIGH QUALITY Anti-Virus protection, and feature-rich backups.


However, client of Serendipiti or not - you should still encourage all of your staff to follow the advice below.


Whilst there are suggestions that the NHS was hacked, it is also possible that the infection was simply "let in" by an unsuspecting end-user.    Most malware infections are.  


A common misconception among end-users is that when an infection is unleashed, a popup will automatically appear - proudly declaring that the unwitting PC user has 'just unleashed fury on your system'. Whilst some infections do immediately lead to annoying popups, my experience shows this not to be the case with ransomware. Instead, it is unleashed silently and discreetly in the background - and often under the radar of Anti-Virus protection. It is only AFTER the damage is done (i.e. as many of your files as possible have been infected whilst the code remains unchallenged) that the offending malware alerts you to what has happened. It may even take a restart of your PC before the declaration notice pops up. At this point, it demands money for the safe decryption of your files (hence the name "ransomware").


In light of the recent NHS episode, it is understandable for you to consider leaving your computer switched off for the foreseeable. Whilst that will eliminate the risk, it will also eliminate any productivity!  Instead, apply the recommendations shown below, then continue to use your computer with vigilance.  


Thereafter, there are some telling signs to look out for that may suggest you have been infected with Ransomware:-


1/  You might open a Word document, or an Excel file - even a photograph.  But instead of the file opening successfully, you receive an error message stating "incorrect file format" or something similar.  Applications like Word or Excel cannot recognize files that have been encrypted, so unless it was you who encrypted the file in the first place, these symptoms alone could suggest you have been affected. 


2/ Your files appear to be duplicating themselves, and the original copy now has a random file extension such as .wallet instead of .doc or .xls. This is confirmed behaviour of ransomware and must not be ignored. The infection is designed to target all the files and folders on your computer that are not locked and in use. These can include Windows and other application files (needed by your computer), as well as PDFs, PowerPoint presentations - even CAD drawings. Worse still, once the malware has infected your computer's local disk (drive C), it will move on to any other drives you might be connected to (including network folders and permanently connected USB devices).


The trick with either of these symptoms is to act FAST.  Turn off your computer, and contact Technical Support immediately.
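A triage check for the two symptoms above, as an added example that is not part of the original article: it flags files whose leading bytes do not match their extension (symptom 1) and files with an extra extension after a document extension (symptom 2). The function names, the watchlist and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes expected for a few common document types.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container
ZIP = b"PK\x03\x04"                           # Office Open XML is a ZIP
MAGIC = {".doc": OLE2, ".xls": OLE2, ".ppt": OLE2, ".docx": ZIP, ".xlsx": ZIP,
         ".pptx": ZIP, ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n"}
WATCHLIST = {".wallet"}  # the extension named in the article; extend locally

def check_file(path):
    """Return a reason string if the file shows either symptom, else None."""
    if path.name.startswith("~$"):       # Office owner/lock files: not documents
        return None
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in WATCHLIST:
        return "watchlisted extension " + last
    # Symptom 2: a document extension with something unknown appended.
    if len(suffixes) >= 2 and suffixes[-2] in MAGIC and last not in MAGIC:
        return "unexpected extension after " + suffixes[-2]
    # Symptom 1: extension says "document" but the header says otherwise.
    if last in MAGIC:
        try:
            with open(path, "rb") as fh:
                head = fh.read(8)
        except OSError:                  # locked or unreadable: skip, do not crash
            return None
        if head and not head.startswith(MAGIC[last]):
            return "header does not match " + last
    return None

def scan(root):
    """Walk root and return sorted (relative path, reason) findings."""
    root = Path(root)
    hits = [(p.relative_to(root).as_posix(), check_file(p))
            for p in root.rglob("*") if p.is_file()]
    return sorted(h for h in hits if h[1])

def demo():
    """Scan a constructed sample tree (not real ransomware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        t = Path(tmp)
        (t / "budget.xlsx").write_bytes(ZIP + b"rest of a valid workbook")
        (t / "letter.doc").write_bytes(b"\x8f\x1c\x07\xa9\x55\xe2\x10\x3b")
        (t / "plan.pdf.wallet").write_bytes(b"\x01\x02\x03")
        (t / "~$budget.xlsx").write_bytes(b"\x05owner")
        return scan(t)
```

A hit is a prompt to look closer, not a verdict: a harmless `report.doc.bak` copy, or a file saved with the wrong extension, will also be flagged.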


The final proof that you are infected comes in the form of an exceptionally arrogant notification, similar to this one:





Whether you have high levels of security in place or not, there is no substitute for user vigilance.


Here are some of the best ways to safeguard against cyber-attack:


1) User Vigilance

Do not open attachments, or click links within emails unless you are certain the email is legitimate (i.e. you are expecting that email, or it is a continuation of an existing thread). Emails that 'turn up out of the blue' are the ones to be especially guarded about. Even if an email is from a trusted source, ask yourself - is it composed in a way that is true to that individual? For example, my contacts tend not to use the phrase "hey buddy - check this out!!" If in doubt, resort to the following alternative measures before opening that file.


Note. Opening the email in read view is unlikely to unleash an infection. It is usually only the act of clicking the link, or opening the attachment that causes the damage. Delete any suspicious emails - do not forward them on to a colleague for scrutiny - doing so will simply spread the potential for infection.


2) Alternative measures

If in doubt about an attachment, consider calling or emailing the sender in a SEPARATE email asking them to confirm the email was legitimate. Alternatively, open the email ON YOUR PHONE or iPad. Doing so is highly unlikely to damage your phone, but in any case, a phone can be reset easily - a PC (or network) cannot.


3) Check your version of Windows

If you are running Windows XP, then you are most at risk.  Microsoft no longer support this operating system, so you are seriously exposed to exploitation.  If you are running Windows 7 or higher, you may still be at risk if you have not applied all of the free updates provided by Microsoft (see below).  These updates PLUG vulnerabilities, and will help to keep your systems safe.


4) Applying Windows Updates

For information on how to apply updates - click for our Instructions Guide


Be patient with Windows critical updates this week.  Millions worldwide will be applying them, so Microsoft may struggle to meet the demand.  Just keep trying and continue to use your computer in the usual way, whilst the updates are installing.


5) Backup your computer

The authors of this ransomware assume they are infecting your only copy of your valuable documents. If you back up your computer on a regular basis, you will be able to restore your files should you be unfortunate enough to become infected. Rotate your backups where possible (i.e. one backup per day if possible). For instructions on how to back up a standalone computer/laptop, view our SHOW ME HOW video.


6) Invest in Spam Protection

If you do not have a spam filter in place, get one.  Spam filters help to protect your inbox from suspicious items, which in turn will reduce the risk to you or your staff.


The ability to recover from ransomware depends entirely on how long the infection ran for and how much damage has been done.  In most cases, we are able to recover systems using effective cleanup tools and techniques.  However in extreme cases, a full system rebuild is required.    


I have no doubt the NHS Trust will have learned valuable lessons from this recent attack.  In the meantime, it will take time for the cleanup and recovery process to be completed, so I will certainly be cutting the staff some slack should I be faced with an unfortunate need to attend my local GP or NHS hospital.


If you are concerned about the security of your system and would like a system security check, or if you need anti-spam or anti-virus protection, please call us on 01933 229133.




Sally Latimer-Boyce - Expert in business-critical computing