Ransomware Advice

Tue 16th, May

Protect officers within the Eastern Region have been asked by the National Cyber Security Centre (NCSC) to broadcast the latest advice regarding how you can protect yourself from the worldwide RANSOMWARE attack seen last Friday 12th May 2017.

Protect officers within the Eastern Region have been asked by the National Cyber Security Centre (NCSC) to broadcast the latest advice regarding how you can protect yourself from the worldwide RANSOMWARE attack seen last Friday 12th May 2017 and reduce the potential for other similar attacks.
There are some direct advice links below for :
• The Home User
• The Enterprise User
• General advice from the NCA.

Microsoft – “This ransomware can stop you from using your PC or accessing your data. Unlike other ransomware, however, this threat has worm capabilities.”
“The exploit code used by this threat to spread to other computers was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems. The exploit does not affect Windows 10 PCs.”

Prepare:
o Understand the technical estate that you are responsible for, and patch all software on all systems within. Microsoft have also now released a patch for legacy Windows XP systems relevant to this malware.
o NCSC have also released additional defence steps relevant to the enterprise network defender.
o Use Anti-Virus software at all times and ensure that it too is updated.
o Backup your system or critical data to a storage device that is not within the same network. Consider cloud storage options where suitable.
o If you believe that you have been a victim of a ransomware attack, report it to your Local Police and in turn Action Fraud.

Master Level Guidance for use as reference:
• Main NCSC Statement: https://www.ncsc.gov.uk/news/statement-international-ransomware-cyber-attack
• General advice on how to protect yourself from ransomware: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware
• General NCSC advice on patching systems: patch your systems
• Specific NCSC work with Tech community on mitigating this malware: https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0
• Guidance for home users: https://www.ncsc.gov.uk/guidance/ransomware-guidance-home-users
• Guidance for enterprise: https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators

Important info from Industry Partners to be used as reference:
• MS description of malware: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt
• Also from MS who have published a relevant patch for XP: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/