Following the global co-ordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, the National Cyber Security Centre (NCSC) has highlighted the two lines of defence which must now come into play.
According to the organisation, the first is to limit the spread and impact of the attacks that have already occurred. Due to broad government and partner efforts, a variety of tools are now publicly available to help organisations to do this. This guidance can be found on the homepage under the title, ‘Protecting Your Organisation from Ransomware.’
The centre has set out two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question.
Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though we have no specific evidence that this is the case. What is certain is that ransomware attacks are some of the most immediately damaging forms of cyber attack that affects home users, enterprises and governments equally.
It is also the case that there are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks. These simple steps to protect against ransomware could be applied more thoroughly by the public and organisations
Companies can undertake three simple steps which are also set out on our website and can be summarised as follows:
- Keep your organisation’s security software patches up-to-date
- Use proper antivirus software services
- Most importantly for ransomware, back up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else
Creighton Magid, partner at the international law firm Dorsey & Whitney, has warned that there’s a much more dangerous issue that needs to be addressed and it could endanger lives.
‘The cyber-attack, using a ransomware bug known as WannaCry, appears to have used an NSA exploit known as ‘Eternal Blue’ that was disclosed on the web by Shadow Brokers.
‘Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch,’ Magid explained.
‘Like the DDOS attack last October, this attack shows that interconnected devices and systems are vulnerable to attack by nations, non-state actors and just plain crooks.’
For up-to-date information, visit www.ncsc.gov.uk.