NHS hands IT admins anti-ransomware advice
The NHS last night issued advice to IT admins and private individuals affected by Friday’s coordinated ransomware attack, estimated to have hit organisations in 99 countries.
While there have been no new sustained attacks of the same kind, said the department referring to 'WanaCypt0,' system and network compromises “may not yet have been detected.”
“This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale,” the NHS warned.
As a result, individuals should “limit the spread and impact” of the infections already in place and, secondly, should use “easy-to-implement,” ransomware-specific defences.
Elaborating, the recommendations were to keeping patches up-to-date; use “proper” AV products and back-up data, so that the data -- and its owner(s) -- cannot be held to ransom.
The more detailed guidance for admins, including patch MS17-010 (the malware uses the vulnerability MS17-010 to propagate via a network using the SMBv1 protocol), is available.
IT security staff at cyber defence service Countercept seem to agree with the advice, as they say the first step is to quickly identify vulnerable systems and isolate them from the network.
Once isolated, admins should patch the systems but, for an extra layer of defence, also deploy stricter network and host based firewall rules to all systems, so malware cannot spread laterally.
Countercept adds that depending solely on AV is unwise so, in addition, anti-ransomware software that actively detects and block processes seen to be encrypting files can be used.
Separately, in its bulletin on WCry, WannaCry and WannaCryptor (and variants), threat advisory Recorded Future said: “For now, the best advice is to ensure that all Windows systems are fully patched, to ensure that firewalls are blocking access to SMB and RDP ports, and to educate users to watch out for suspicious emails.”
Additional guidance has been issued and (linked to) by ‘Malware Tech,’ the 22-year-old self-taught computer specialist, largely credited with stopping the spread of the ransomware code.
ContractorUK Note: Hiscox Cyber and Data Risks Insurance offers comprehensive protection for your computer systems and data, all available in a single insurance policy. Find out more >