Following the weekend’s WannaCry ransomware attack on the NHS and over 100,000 organisations in 150 countries worldwide, the Financial Conduct Authority (FCA) has issued advice to fixed firms on dealing with the impact of ransomware attacks. It is now extending this guidance and technical advice to all firms, both fixed and flexible.
NHS and global ransomware attacks - message for firms
You will be aware of the recent ransomware attacks on 12 May against the NHS and globally. The ransomware, known as WannaCry, encrypts files of the user who clicked on the email, and takes advantage of unpatched operating system vulnerabilities to actively spread from computer to computer, greatly expanding the reach of its attack.
There have been no further attacks reported and there is still no reported impact on the finance sector. But there is a risk of new variants appearing. Ahead of business start today Monday 15 May, the NCSC have updated their statement: “as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale” https://www.ncsc.gov.uk/news/latest-statement-international-ransomware-cyber-attack-0
The NCSC have also updated their detailed technical guidance on how organisations can protect against ransomware (https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance) and stated that “It is therefore absolutely essential that any organisation that believes they may be affected, follows and implements this guidance”.
In support, the FCA has issued advice on their website: “If your firm does identify any cyber-attack they should report to Action Fraud (http://www.actionfraud.police.uk/) or 0300 123 2040 and let their Supervisor(s) know through the usual contact route”.
NCSC Technical Mitigation advice to firms:
The NCSC advise the following steps be performed in order to contain the propagation of this malware:
- Deploy patch MS17-010: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- A new patch has been made available for legacy platforms, and is available here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
- If it is not possible to apply this patch, disable SMBv1. There is guidance here: https://support.microsoft.com/en-us/help/2696547 and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]
- If these steps are not possible, propagation can be prevented by shutting down vulnerable systems.
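
The "disable SMBv1" and "block SMBv1 ports" steps above can be checked and applied on a single Windows host as in the following added example, which is not part of the FCA or NCSC text. It assumes Windows 8 / Server 2012 or later and an elevated session; the `-Disable` and `-BlockInbound` switches are names invented for this sketch, and the host firewall rules stand in for the network-device blocks the advice describes.

```powershell
# Added example: audit and optionally disable SMBv1 on one Windows host (run elevated).
# Assumes Windows 8 / Server 2012 or later, where the SmbShare cmdlets exist.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable,          # hypothetical switch: without it the script only reports
    [switch]$BlockInbound      # hypothetical switch: also add host firewall block rules
)

# 1. Server side: is this host still willing to accept SMBv1 sessions?
$server = Get-SmbServerConfiguration
Write-Output ("SMBv1 server enabled : {0}" -f $server.EnableSMB1Protocol)

# 2. Is the SMBv1 optional feature installed? (name may be absent on some editions)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Output ("SMB1Protocol feature : {0}" -f $feature.State) }

if ($Disable) {
    if ($server.EnableSMB1Protocol -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature -and $feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove SMB1Protocol feature')) {
        # Feature removal takes effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

if ($BlockInbound) {
    # Caution: TCP 445 also carries SMBv2/v3, so this stops all inbound file sharing.
    $rules = @(
        @{ Name = 'Block inbound NetBIOS (UDP 137,138)'; Protocol = 'UDP'; Ports = 137, 138 },
        @{ Name = 'Block inbound SMB (TCP 139,445)';     Protocol = 'TCP'; Ports = 139, 445 }
    )
    foreach ($r in $rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) -and
            $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Add firewall rule '$($r.Name)'")) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
                -Protocol $r.Protocol -LocalPort $r.Ports | Out-Null
        }
    }
}

# 3. Re-read the setting so the output reflects the final state.
Write-Output ("SMBv1 server enabled (after): {0}" -f (Get-SmbServerConfiguration).EnableSMB1Protocol)
```

Run with no switches first to see the current state, and with `-WhatIf` to preview changes; neither step replaces deploying MS17-010.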