Latest advice from Xyone - International Ransomware Attack, May 2017
Following the international ransomware-based cyber attack that began on Friday 12th May 2017, this is our latest advice:
Keep your systems and services up-to-date
Please ensure that your operating system's security patches are up-to-date. A patch for the Microsoft Windows Server Message Block (SMB) Server vulnerability which was exploited last Friday is available online on Microsoft's website here. We recommend automatically updating your systems with security updates as often as possible. This vulnerability was marked as Critical on many versions of Windows, including XP, 7, 8 and 10, along with Windows Server 2008/2012/2016. Your antivirus protection may have already been able to protect you from vulnerabilities such as this. Keeping your protection current is as important as regularly updating the security of your operating system, allowing these services to respond to the latest threats and attempts at compromising your system.
Securely back up all data that you rely on
In this instance, the ransomware affected thousands of organisations, and individuals across the globe. The malware "WannaCry" made many files and programs unusable by encrypting them, claiming that users exploited can only retrieve their data by paying a ransom to decrypt all affected data on their systems. By keeping a recent back up, you and your organisation(s) should be able to reduce the impact that an attack could have.
Be vigilant when communicating online
Make sure that you only reply to emails or other online messages from senders you recognise and trust. Furthermore, even if the sender is known to you, if their message demands that you follow a link or provide personal information, be wary of this communication. Spoofed senders' credentials, malicious attachments and phishing links could all intend to harm your system, so, especially in times of a large-scale cyber attack taking place, make sure to take all precautions possible when conversing online, and verify the identity of those you communicate with when personal or sensitive information is requested.
The National Cyber Security Centre has updated their advice available to provide guidance for protecting against ransomware, which can be found on their website, along with a statement on the attack. The Windows SMB Server security update linked above also includes workarounds for if you suspect your system is affected and has not been updated yet, since the patch was released (March, 2017). Oliver Gower, Deputy Director of the National Crime Agency’s National Cyber Crime Unit, has stated: "Victims of cyber crime should report directly to ActionFraud. We encourage the public not to pay the ransom demand.” (the National Crime Agency's full statement is available on the NCA's website)