WannaCry Ransomware: Latest NCSC Guidance
The National Cyber Security Centre (NCSC) has released its latest guidance note for small business and enterprise users about the WannaCry ransomware that was behind the much publicised worldwide cyber attack that infected millions of computers.
This guidance note is aimed at supporting businesses to tackle the threat that version 2 of WannCry poses to their cyber security.
The NCSC is aware of a ransomware campaign relating to version 2 of the “WannaCry” malware affecting a wide range of organisations globally.
NCSC is working with affected organisations and partners to investigate and coordinate the response in the UK. This guidance will be updated as new information becomes available.
From investigations and analysis performed to date, we know that the malware encrypts files, provides the user with a prompt which includes a ransom demand, a countdown timer and bitcoin wallet to pay the ransom into.
What is WannaCry?
WannaCry is a type of malicious software known as ransomware. Ransomware makes your data or systems unusable until the victim makes a payment. Ransomware can also be referred to as malware. Malware stands for malicious software.
How does WannaCry work?
The malware uses the vulnerability MS17-010 to propagate through a network using the SMBv1 protocol. This enables the malware to infect additional devices connected to the same network. This particular form of ransomware was designed specifically to target versions of Microsoft’s Windows operating system.
What can you do to protect your business from WannaCry?
‘WannaCry’ guidance for enterprise administrators can be found here
‘WannaCry’ guidance for small business users and home users can be found here
What to do if your business has been infected with ransomware
The NCSC has also advised that you take appropriate action if you believe you have been infected by ransomware, There are a number of sources of further advice and guidance:
- The National Crime Agency encourages anyone who thinks they may have been subject to online fraud to contact Action Fraud at www.actionfraud.police.uk. It is a matter for the victim whether to pay the ransom, but the NCA encourages industry and the public not to pay.
- The National Cyber Security Centre (NCSC) runs a commercial scheme called Cyber Incident Response, where certified companies provide crisis support to affected organisations.
- The Cyber Security Information Sharing Partnership (CiSP) offers organisations in the UK a safe portal in which to discuss and share intelligence that can assist the community and raise the UK’s cyber resilience. We encourage our members to share technical information and indicators of compromise so that the effects of new malware, and particularly ransomware, can be largely reduced
How can I show my business is cyber secure?
Business certification is available to show potential clients or buyers that your organisation is cyber secure through the Cyber Essentials certification. Under this scheme, which is backed by Government and supported by industry, organisations can apply for a badge which recognises the achievement of government-endorsed standards of cyber hygiene.
For more information on Cyber Essentials and how this can support you to win contracts with the Military of Defence in the UK check out more information here