Thousands of travel money customers were left with no currency following the latest cyber-attack to hit the headlines.
As the New Year dawned, Global currency trader Travelex became the victim of a ransomware attack, leading to the firm having to suspend some of its services so that the software virus could be contained and data protected. Whilst there is no indication as yet that any customer data has been compromised, the effect on reputation and interruption to services has already been considerable.
Ransomware attacks are renowned for being incredibly disruptive and costly. In 2017, the devastating WannaCry attack cost the NHS £92 million as 19,000 appointments were cancelled and healthcare was seriously affected.
What is ransomware?
Ransomware is a form of malware that encrypts a victim’s files so that data cannot be accessed. The attacker then demands a ransom from the victim in exchange for restoring the data. In the case of Travelex, it has been reported that the attackers are demanding £4.6 million, otherwise company computer systems will be deleted and customer data sold online.
Ransomware often stems from phishing scams where attachments that look like they can be trusted are emailed to a victim. Once downloaded and opened, they can take over the victim’s computer. Some of the more aggressive forms of ransomware exploit security holes in operating systems, infecting computers without the need to deceive users. One such security vulnerability is BlueKeep, discovered in May 2019 to be affecting older versions of Microsoft Windows.
What is BlueKeep?
BlueKeep presents a significant risk because it attacks an operating system’s Remote Desktop Protocol (RDP), the method by which computers connect over a network. Once one computer is compromised, the cyber threat spreads very quickly, infecting all the PCs on the network.
As soon as the BlueKeep threat was discovered, Microsoft compelled around a million users to apply a security update. The warning was reinforced by the UK National Cyber Security Centre and the US National Security Agency.
Anyone still operating older versions of Microsoft Windows – Windows 7, Windows Server 2008 R2 or Windows Server 2008 – could be at risk if they have not yet installed the security update. Users running Windows 2003 or Windows XP will not have automatically received the updates as these versions are out of support. Windows 8 and Windows 10 operating systems are not affected.
How to protect against BlueKeep?
The advice is to download and apply the security update that has specifically been designed to address the BlueKeep vulnerability. If you are running an in-support version of Windows, you will find the necessary downloads in the Microsoft Security Response Centre. If you have automatic updates enabled then you will be automatically protected.
If you are running an out of support version of Windows, the best advice is to upgrade to the latest version. Microsoft has said though that it is making fixes available for out of support versions of Windows.
The importance of staying up to date
It is worth noting that support for Windows 7 will end on 14th January 2020. This is known as ‘Windows 7 End of Life’, and means that anyone running Windows 7 will no longer receive any future software or security updates, fixes or technical support, potentially putting them at risk of cyber threats. Microsoft recommends upgrading to the latest version of Windows, or subscribing to Extended Security Updates.
Windows 7 was the most widely affected version affected by the 2017 WannaCry attack. When support ends, it could spark an open invitation for criminals to target the platform.
The importance of keeping your computers updated with all the latest system and security updates cannot be over-emphasised. Turning on automatic Windows security updates is the best way to keep your business safe, and your reputation intact. Updating to the latest versions of an operating system will also ensure you have the best possible chance of staying secure.
Cyber risk insurance
It is crucial to be aware that cyber-crime incidents are not usually covered on a commercial combined policy, and that not all cyber risk policies are created equal, so be certain to check you have the cover you think you have.
Specialist cyber risk insurance will, depending on the individual policy, provide cover for breach related costs and privacy protection. Cover can also be arranged for business interruption resulting from a cyber-attack and also for cyber liability, hacker damage and cyber extortion, the issue that Travelex is currently facing.
For tailored advice, we welcome you to get in touch.
You may find our other posts on the subject of cyber-crime useful: