It began with some warning signs across NHS boards in Britain. Eventually more than 200,000 people across 150 countries had been affected.
A total of 12 Scottish health boards, including the ambulance service, were among those targeted in the worldwide cyber attack which has prompted much cause for concern.
Friday’s initial attack came from ransomware, which is a piece of software that invades computer systems and takes control of files.
The hackers demanded Bitcoin payments of £230 to unlock NHS IT systems.
Nick Lambert, operations director at MaidSafe, said a lack of resources for the public sector has meant this kind of attack has been expected by the industry.
He told STV News: “I think when you see a public sector, particularly the NHS, it’s no surprise to anyone that it’s pretty under-resourced right now and is obviously in the press quite a lot.
“Some of the stuff I read was some of the security patches issued by Microsoft had not been updated and I think they were issued back in March.
“I don’t think many people in the industry would be overly surprised this happened – probably the scale of it is a little bit of a surprise.
“There are quite a lot of things people could do, and it is becoming harder because the attacks are becoming more sophisticated. Ordinary users can protect themselves and a lot of it is kind of common sense.”
So just how easy is it to ensure your safety online?
Keep your software up-to-date
Nick says: “When those annoying pop-ups appear saying you should update your software to the later version… don’t keep putting it off until the next day that never comes.
“Actually go and do it. Because sometimes these can contain security patches for some of these flaws that appear.”
Regular updates can (and should) be made to your:
- Operating system (Windows, Mac, OS X)
- Email clients (if you don’t run web mail and use a separate programme, make sure that’s updated)
- Web browsers (because a lot of people use actual web mail as opposed to email)
Cary Hendricks, global operations director at Glasgow-based ID Cyber Solutions, says users should not keep any unsupported operating systems.
He added: “Getting rid of any unused software or services on your particular machine is important.
“Just because you don’t use it doesn’t mean you’re not going to be attacked through those kind of services.”
Be careful with attachments
Nick says: “I would not open an attachment from someone that I didn’t know or from someone whom I wasn’t expecting an email from, regardless of how legitimate an email looked. I just wouldn’t do it.
“And if you see a link in an email, sometimes people put a hyperlink into the body of an email, I would never click that again unless it was somebody I trusted.
“I would always then go into my browser and search for what it is they’re trying to link to.
“That way I always make sure I get to the correct site and not maybe a site they’ve set up to make it look like the correct one if that makes sense.”
“It’s probably a good thing to be slightly paranoid about things like this.”
Maintain regular back-ups
Devices for storing files and back-ups have gone up in space and down in price and the average computer user is able to store a terabyte (more than 1000 gigabytes) fairly easily.
Investments like these that can protect against the kind of attacks made on Friday.
Nick explains: “Ransomware locks down your machine and starts encrypting files so people can’t access them.
“If you’ve got it backed up somewhere else then it would still be an issue for you but you can still go to another computer and access that information which may help your decision about whether you pay the ransom or not.”
Get some education
Many will be sitting reading this article thinking they don’t understand some of these terms or can immediately think of someone who could be at risk if not properly protected.
Even the experts in the field feel the same.
Nick says: “My mum doesn’t own a desktop or laptop, she uses a tablet as well. And relatively new to the internet as well – she can browse and buy stuff online but is unaware of things like phishing attacks and all this type of thing.
“There needs to be a bigger attempt to educate people. I know the government have the cyber security fund set up now, and we’re probably still trying to figure out what those details are, but if I think about whether it’s my own mum or in-laws or something like that, they’re constantly confused about internet technology generally.
“I don’t see many courses being announced locally or anything like that to help train people.”
He added: “That’s what’s really required: actually getting people/users trained in what to do and what not to do in these types of situations.
“I think that would be a huge thing, it’s something that’s probably not done as well as it could be right now.”
The UK Government has a 34-question survey which you can take to check if you are indeed protected and kept up-to-date with everything mentioned above.
Will there be another attack?
Cary admitted to STV News: “I don’t think we’re over the worst of it at all.”
He added: “The reason why this particular attack being stopped was because of the kill switch being found and the infections dramatically dropped off after that.
“What we are seeing now is the next stage is going to be there’s no kill switch embedded within the next variation which means it’s going to be much, much harder to stop.
“We anticipated it as a have-a-go type attack but with this being transformed has changed the landscape quite dramatically.”
The kill switch in question came when one man found a domain name linked to the attack and purchased it, for around £8, which halted any further damage being made.
Do you have an unusual story to tell? E-mail firstname.lastname@example.org