On Friday afternoon (12 May) a global ransomware attack hit almost 100 countries, affecting systems in hospitals, schools, governments and busineses.
The issue has taken down systems in Russia, Germany, India and the US. In the UK, the NHS has been affected badly by the attack, with infected computers using malware to demand $300 payment in return for unlocking each machine.
Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – infect computers internationally.
No group has yet claimed responsibility for the worldwide attack, but NBC reports that experts believe the perpetrators used tools stolen from the National Security Agency (NSA).
UK prime minister Theresa May said the attack was 'not targeted' at the NHS but part of a wider assault, and a Cobra meeting has been chaired to deal with the aftermath. But as officials scramble to control the damage, brands like Portugal Telecom, FedEx and Renault have also been impacted.
A UK online security researcher, tweeting as @MalwareTechBlog, said he had inadvertently halted the spread of the virus, but warned it was only a temporary fix.
As the fallout from the hack continues, The Drum takes a look at how marketers can prevent and prepare for a cyber crisis.
Backup your files
The attack meant hospitals in Scotland and England were unable to take scheduled appointments, leaving both doctors and patients with questions. Speaking to BBC Breakfast, home secretary Amber Rudd admitted there was a chance not all NHS files were backed up, but that the UK cyber security agency said experts were "working round the clock" to restore systems.
The National Cyber Security Centre (NCSC) advises that in order to protect themselves organisations should ensure that they have fully tested backup solutions in place – a measure that's also likely to prevent a PR crisis for brands faced with questions from consumers if security is compromised.
"Backup files should not be accessible by machines which are at risk of ingesting ransomware," the NCSC advises. However, it cautions that even if the victim has a recent backup of their system, it may still take considerable time to restore normal operations.
Make sure your systems are up to date
Some experts have implied that this weekend's attack may have been built in response to a weakness in Microsoft systems identified by the NSA. Businesses would be well advised to make sure their systems are up to date so as to avoid hacks in the first place or criticism should they come under fire from hackers.
Microsoft released a statement on Friday saying it would roll out a fix for the vulnerability to users of older operating systems – like Windows XP – which wouldn't have automatically updated to patch the problem.
Avast has penned a blog in which it states: "We strongly recommend all Windows users fully update their system with the latest available patches."
In the UK, the government have faced criticism from Labour opposition for seemingly failing to upgrade and protect systems. Labour leader Jeremy Corbyn said there had been repeated warnings about the vulnerability outdated NHS systems, including from the NCSC and the NSA.
Communicate with staff and customers
Speaking to ITV Ben Rapp, the chief executive of Managed Networks and an expert on cyber security, said the standard way for ransomware to be sent was in an email.
"Train your staff not to open emails that they’re not expecting. Not to click on links or download software they don't know anything about," he added. "The vast majority of this stuff requires you to act. There are exceptions to that, but usually the user has to do something."
In the event of an attack, ensure staff are briefed quickly. Spanish telecommunications firm Telefónica reportedly told staff to turn off computers and disconnect from the company internal VPN as soon as it was made aware of the situation.
Both Renualt and FedEx have been affected but were quick to release statements to let customers know they were working on solutions. "We have been affected," a spokeswoman for Renault told AFP, saying the brand was assessing the situation to try to find a solution. "Work is going on since last night. We are doing what is needed to counter this attack," she added.
The fallout from the attack isn't over, but an accidental fix has slowed down the spread of the infection.
“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” Vikram Thakur, principal research manager at Symantec, told the Guardian. “The numbers are extremely low and coming down fast.”
There are warnings, however, that the attackers could tweak the code behind the chaos and start the cycle again. The researcher who tweeted about slowing down the ransomware's spread told Reuters he had not seen any such tweaks yet, "but they will".