The fallout from the major ransomware attack that hit 150 countries over the weekend continues, though Irish governmental incidents remain few and far between.
While the UK’s National Health Service (NHS) remains engulfed in a massive cyberattack, it appears that Irish officials, to date, have been fortunate.
That’s according to information from Ireland’s Department of Communications, with Minister Denis Naughten, TD, claiming that just one incident has hit the HSE.
However, that single case might be optimistic, with reports today (15 May) of incidents discovered in three separate hospitals in Ireland. Each incident has, apparently, been dealt with already – and, as it turns out, they were not related to WannaCry.
Luck of the Irish?
“There have been no further reported incidences of the [WannaCry] malware in Ireland, beyond the isolated case in a HSE-funded facility in Wexford on Saturday,” Naughten said.
“It is still possible that further incidences will arise and a sustained period of vigilance will be required, both in terms of updating and patching software and monitoring equipment.”
Naughten said the National Cyber Security Centre has issued notices to departments and agencies to mitigate some of the risks, with this morning’s update detailing the malware and how to deal with it.
The attack grew over the weekend after emerging on Friday afternoon (12 May) from 45,000 victim systems to an estimated 200,000, crippling large organisations from the NHS in the UK to Renault factories in France, Telefónica in Spain as well as Russia’s second largest mobile operator, MegaFon.
The fact that so many organisations have fallen victim to the cyberattack raises questions over just how robust their systems were, in terms of basic antivirus and security patch measures, but also why so many organisations were running dated versions of Windows, such as Windows XP, which Microsoft no longer supports.
The Microsoft reference comes from the way WannaCry attacks vulnerable Windows computers, with the whole affair a walking advertisement for updating operating systems and security patches.
Bitdefender, for example, was quick to laud its own service, claiming its software successfully blocks such a form of malware, with other security companies also pointing to the standard advice tip: stay updated.
“The last-line defence against ransomware is a secure, reliable backup,” said Nigel Tozer, solutions marketing director for EMEA at Commvault. “As the NHS is currently demonstrating, cyber-attackers seem to be one step ahead of threat-detection software at the moment.”
Back it up
Secure backups, so, are the order of the day – though that’s a little too late for those already hit by WannaCry.
“If your backup software can spot early signs of rogue encryption there, or in your data centre, you have an important, additional line of defence,” Tozer said.
“While in hindsight, the NHS would love to be able to access its backup files in response to this attack, this is a good lesson for all organisations about the need for a proactive plan.”
Indeed the ‘lesson learned’ attitudes are flowing, with EY Ireland calling the whole affair a “wake-up call” for companies of all shapes and sizes.
“The WannaCry ransomware hammers home some simple truths, none of which are particularly new but all of which merit renewed priority,” said Hugh Callaghan, cybersecurity leader at EY Ireland.
“Businesses need to focus attention on identifying and managing the cyber risks arising from their heavy reliance on technology – specifically understanding the top cyber threats and breach scenarios that disrupt operations.”