WannaCry and NotPetya don’t need eHealth users

Africa’s health systems need to match ransomware attacker’s sophistication. Neither Wanna Cry nor Not Petya, the latest types of attack, relies on files and users’ clicks to open email attachments. Instead, they seek systems vulnerabilities to access and spread across networks. Barkly, a cyber-security firm, describes it as misusing legitimate system tools and processes. Unlike previous methods of using suspicious executables, the new wave can avoid scrutiny from some cyber-security products. A Barkly’s video shows how they work.

Its solution includes:

  • Learn how cyber-attackers exploit tools to spread ransomware without files and  interaction instead of phishing emails
  • Know why attacks that don’t use interaction are becoming more popular, with two thirds of ransomware in Q1 2017 using the Remote Desktop Protocol (RDP) from Microsoft.
  • Test your security against fileless attack scenarios using a malware simulation tool.

 

This approach may help Africa’s eHealth programme to step up their cyber-security measures for ransomware. Simulation’s better than dealing with a ransomware aftermath.