Ransomware attack: Update from the National Cyber Security Centre
15th May 2017
Businesses have today been advised about the essential steps they need to take to protect their computer systems in the wake of Friday's global ransomware attack.
In an update, the National Cyber Security Centre (NCSC) - part of GCHQ - said there appeared to have been no fresh attacks over the weekend but warned that some may have not yet been detected.
"This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale," said NCSC in statement.
"Our national focus must therefore be on two lines of defence.
"The first is to limit the spread and impact of the attacks that have already occurred. Due to broad government and partner efforts, a variety of tools are now publicly available to help organisations to do this.
"This guidance can be found on our homepage - http://www.ncsc.gov.uk - under the title Protecting Your Organisation From Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance.
"We know already that there have been attempts to attack organisations beyond the National Health Service.
"It is therefore absolutely imperative that any organisation that believes they may be affected, follows and implements this guidance.
"We have set out two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question.
"It will be updated as and when further mitigations become available and we will announce when updates have been made on Twitter (@ncsc) and elsewhere.
"Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though we have no specific evidence that this is the case.
"What is certain is that ransomware attacks are some of the most immediately damaging forms of cyberattack that affects home users, enterprises and governments equally.
"It is also the case that there are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks.
"These simple steps to protect against ransomware are not being applied by either the public or organisations as thoroughly as they should be."
The NCSC issued the following simple steps for companies to take, to protect their computer systems:
1 Keep your organisation's security software patches up to date
2 Use proper anti-virus software services
3 Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.
Home users and small businesses can take the following steps to protect themselves:
1 Run Windows Update
2 Make sure your AntiVirus product is up to date and run a scan - If you don't have one install one of the free trial versions from a reputable vendor
3 If you have not done so before, this is a good time to think about backing important data up - you can't be held to ransom if you've got the data somewhere else
The NCSC statement added: "In the days ahead, the NCSC, working closely with the National Crime Agency in support of their criminal investigation, and with international partners in both other governments and the commercial sector, will continue our round-the-clock effort to get ahead of this threat.
"We would like to reassure the public that resources from the Government, law enforcement and public and private sector organisation are working together to manage further disruption from the current attack and to increase protection against any further attacks in the coming days.
"The country's security and law enforcement agencies are working round the clock to protect the public. Private sector efforts have made a very significant contribution to mitigate the cyberattacks so far and to prevent further disruption.
"NCSC will provide further updates as and when appropriate."
Picture credit: pixabay
Copyright 2017 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.