Business Guidance for WannaCrypt Attacks

Business Guidance for WannaCrypt Attacks

Category : Uncategorised

Business Guidance for WannaCrypt Attacks

After the events of Friday where thousands of computers were infected with the WannaCry Ransomware, many were left wondering what they should do now.

Key Protect messages for businesses to protect themselves from ransomware:

  • Install system and application updates on all devices as soon as they become available. 
  • Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.
  • Install anti-virus software on all devices and keep it updated. 

The National Cyber Security Centre’s technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” Ransomware, click here to read.

Advice from Microsoft Security Response Centre:

  • In March, a security update which addresses the vulnerability that these attacks are exploiting was issued. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organisations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

What to do if your organisation has been infected with ransomware:

If you need to know more about ransomware and its effects, or you have a ransomware issue, there are a number of sources of further advice and guidance:
  • The City of London Police’s National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days. Ransomware Incident 
  • The National Crime Agency encourages anyone who thinks they may have been subject to online fraud to contact Action Fraud at www.actionfraud.police.uk. The NCA encourages industry and the public not to pay the ransom.
  • The National Cyber Security Centre (NCSC) runs a commercial scheme called Cyber Incident Response, where certified companies provide crisis support to affected organisations.
  • The Cyber Security Information Sharing Partnership (CiSP) offers organisations in the UK a safe portal in which to discuss and share intelligence that can assist the community and raise the UK’s cyber resilience. Members are encouraged to share technical information and indicators of compromise so that the effects of new malware, and particularly ransomware, can be largely reduced.

Leave a Reply

four × two =