Posted on 16th May 2017
MESSAGE FROM NATIONAL CYBER SECURITY CENTRE (NCSC):
Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.
This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale.
Our national focus must therefore be on two lines of defence.
The first is to limit the spread and impact of the attacks that have already occurred. Due to broad government and partner efforts, a variety of tools are now publicly available to help organisations to do this. This guidance can be found on our homepage – ncsc.gov.uk – under the title Protecting Your Organisation From Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
We know already that there have been attempts to attack organisations beyond the National Health Service. It is therefore absolutely imperative that any organisation that believes they may be affected, follows and implements this guidance. We have set out two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question. It will be updated as and when further mitigations become available and we will announce when updates have been made on Twitter (@ncsc) and elsewhere.
Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though we have no specific evidence that this is the case. What is certain is that ransomware attacks are some of the most immediately damaging forms of cyber attack that affects home users, enterprises and governments equally.
It is also the case that there are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks. These simple steps to protect against ransomware are not being applied by either the public or organisations as thoroughly as they should be.
Three simple steps for companies to undertake which are also set out on our website (https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware) and can be summarised as follows:
|Protecting your organisation from ransomware – NCSC Site
How does ransomware infect your system? Computers are infected with ransomware via a number of routes. Sometimes users are tricked into running legitimate-looking …
Home users and small businesses can take the following steps to protect themselves:
In the days ahead, the NCSC, working closely with the National Crime Agency in support of their criminal investigation, and with international partners in both other governments and the commercial sector, will continue our round-the-clock effort to get ahead of this threat. We would like to reassure the public that resources from the Government, law enforcement and public and private sector organisation are working together to manage further disruption from the current attack and to increase protection against any further attacks in the coming days. The country’s security and law enforcement agencies are working round the clock to protect the public. Private sector efforts have made a very significant contribution to mitigate the cyber attacks so far and to prevent further disruption.
We will provide further updates as and when appropriate.
"I am delighted to have a long-standing relationship with the BHBPA. Since its foundation the Association has gone from strength to strength and there is no doubt that it has brought huge benefits to its members and the business community as a whole through the partnerships it has formed with the local authorities, Sussex Police and local organisations. It is paramount that Burgess Hill businesses have an effective collective voice."
"This association was started with a lot of effort from a few local businessmen and has proved to be a very powerful and useful tool for our business. The BHBPA has influence at the top level; when action is needed, the BHBPA gets it done. We are kept in touch with all that is happening on our doorstep and will often act because of what is published in the weekly emails / newsletters."
"The BHBPA is an energetic and vocal organisation that connects and empowers and informs the local business community acting as an effective conduit to local authority and other organisations. We are proud to be part of that community and the association."
""BHBPA is a really well organised and run group, great for networking and benefitting from knowledgeable local speakers with real business insight. Peter brings enthusiasm and humour which helps drive the association forward. I am glad to be part of it.""