Measures to Protect Against Malicious Ransomware

In the wake of the recent global WannaCrypt ransomware attack, which crippled thousands of computers in more than 200,000 organizations and 150 countries, AAFCPAs would like to remind clients of the critical importance of taking measures to protect against malicious cyber-attacks.

What is ransomware and WannaCrypt?

Ransomware is malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. The latest ransomware, WannaCrypt, otherwise known as “WannaCry,” used a flaw in Microsoft’s software. It is reported that the vulnerability was discovered by the National Security Agency long ago and was leaked last month by hackers, allowing the ransomware to spread rapidly across networks. Reports on Friday, May 12th, 2017 indicate the impact started in England, where 47 National Health Service trusts were affected, causing significant disruptions in their operations.

AAFCPAs’ IT assurance, security and governance professionals have seen increased activity in ransomware attacks, and we expect the trend to continue as attackers target system vulnerabilities.

What can you do to minimize your ransomware vulnerabilities?

  • Patch your systems (OS and software) regularly. Have the systems automatically download patches where possible, and check daily for any updates and install them accordingly.
  • Back up your data daily, at a minimum, and store it in a separate system where you may access it on demand in the event your primary system is infected.
  • Install antivirus and anti-malware software and keep it updated.
  • Educate your employees on the risks of ransomware, hacking attacks, and phishing emails. This includes alerting them to what to look for and how to respond if something looks suspicious. If something does not look right, it probably isn’t.

Awareness is critical. Unfortunately, this is a new era in cyber-security, and your entire organization needs to be aware of all the latest developments in order to better guard against cyber-attacks and minimize the risk of becoming a victim of one.

For a cyber-security assessment, or advice on how to protect your organization against ransomware or cyber-attacks, please contact James Jumes at 774.512.4062, Vassilis Kontoglis at 774.512.4069, or your AAFCPAs partner.

About the Author

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams in reviewing SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.