Yorkshire and the Humber
Regional Organised Crime Unit

NHS cyber attack

News / May 15

Following the NHS cyber attack please see the advice for protecting yourself and your business.

Following the cyber attack on Friday 12th May 2017 which affected the NHS the Yorkshire and Humber Regional Cyber Crime Unit has provided some protection advice for individuals and businesses to follow immediately.

 

The National Cyber Security Centre's technical guidance includes specific software patches to use that will prevent unifected computers on your network from becoming infected with the "WannaCry" ransomware;

https://www.nscs.gov.uk/guidance/ransomware-latest-ncsc-guidance

For additional in-depth technical guidance on how to protect your organisation from ransomware;

https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

 

The key messages for businesses to protect yourselves from ransomware;

- Install system abd application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device that isn't left connected to your network as any malware infection could spread to that too.

 

The key messages for individuals is essentially the same as businesses but with the addtional point;

- Only install apps from official app stores as they offer better levels of protection that some third party stores.

 

Our current understanding is the attack takes advantage of the Trojan named WannaCry and  exploits a known vulnerability in Windows Systems and that  it propagates itself through the network using SMB protocol. Patching to resolve this vulnerability has been available since March this year (MS17-010 patch  (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) and individuals/businesses should check the date signatures for their Anti Virus software.

 

Recommended precautionary measures (at your discretion) are to :

 1.       Avoid opening email attachments for the time being wherever possible.

2.       Ensure all Windows Systems are updated with the MS17-010 patch

3.       Immediately update all antivirus engines to ensure that detection is made using latest signatures and monitor signatures to see if they include defence against Wanna Decryptor

4.       Ensure backups are in place in order to be able to restore data in case of infection

5.       Ensure that SMB service is not exposed on the Internet.

 

As more information becomes available the Yorkshire and Humber Regional Cyber Crime Unit will provide updates on our website and social media

www.yhrocu.org.uk and @YH_CyberProtect

 

© ODYSSEY 2016