How to cut your risks of a human-operated ransomware attack
Many ransomware attacks are not fully automated but involve individuals gaining access, moving around your system and then deploying malware. Simon Dyson, NHS Digital’s Cyber Security Operations Centre lead, discusses how organisations can make it hard for them.
22 September 2020
The ‘new normal’ of working from home has accelerated the use of digital technology at a pace we would never have imagined back in January – bringing with it threats as well as benefits.
The nature of the threats we face has not changed significantly, but the way in which we now connect to our organisation’s networks remotely could offer opportunities for malicious actors. The range of remote devices makes the potential attack surface greater.
However, the launch of a centrally funded solution, NHS Secure Boundary, can protect NHS organisations from even the most sophisticated of cyber attacks.
One type of malware commonly seen in cyber attacks is ransomware, which encrypts and locks data on devices, preventing access or even exfiltrating or deleting it. Often there is a demand for a ransom (hence the name) with a promise that the data will be made available once the payment has been made.
It’s therefore crucial to make regular off-site backups of important data, ensuring there are multiple copies and the devices on which backups are stored are not permanently connected to the network.
Organisations should take preventative action to reduce the likelihood of a successful attack in which human-operated ransomware can be deployed. In the current climate, there is a significant increase in Remote Desktop Protocol (RDP) connections which allow devices to connect over the internet or a local network. These connections can be used as a target and a way in for attackers if they are exposed to the internet without appropriate security.
Multi-factor authentication should be used wherever possible, and users should be provided with the ability to connect via a Virtual Private Network (VPN) or a DirectAccess connection. Both of these can reduce the risk of a successful RDP attack because they encrypt the connection between staff and business systems which stops sensitive data being intercepted.
The potential impact of a human-operated ransomware attack can be significantly reduced by taking action to prevent attackers moving laterally from one device to another within a network, searching for any vulnerabilities.
The solution now protects all the Health and Social Care Network internet traffic and is onboarding direct internet connections for NHS Trusts and CSUs. To learn more about this solution, please get in touch with the team at firstname.lastname@example.org.
It’s important to educate your staff and raise awareness of common cyber threats. They are an important layer in a defence-in-depth strategy, which means having as many layers of defence as possible. There is a range of resources available to support you to do this, including our own "Keep I.T. Confidential" campaign materials and the National Cyber Security Centre's cyber security training for staff, to name a couple.
We must continue to evolve and develop to stay one step ahead. You can find out more about how we can help you further at our cyber and data security website.