Following the weekend’s WannaCry ransomware attack on the NHS and over 100,000 organisations in 150 countries worldwide, the Financial Conduct Authority (FCA) has issued advice to fixed firms on dealing with the impact of ransomware attacks. It is now extending this guidance and technical advice to all firms, both fixed and flexible.


NHS and global ransomware attacks-message for firms

You will be aware of the recent ransomware attacks on 12 May against the NHS and globally. The ransomware, known as WannaCry, encrypts files of the user who clicked on the email, and takes advantage of unpatched operating system vulnerabilities to actively spread from computer to computer, greatly expanding the reach of its attack.

There have been no further attacks reported and there is still no reported impact on the finance sector. But there is a risk of new variants appearing. Ahead of business start today Monday 15 May, the NCSC have updated their statement: “as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale” https://www.ncsc.gov.uk/news/latest-statement-international-ransomware-cyber-attack-0

The NCSC have also updated their detailed technical guidance: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance of how organisations can protect against ransomware and stated that “It is therefore absolutely essential that any organisation that believes they may be affected, follows and implements this guidance”.

In support, the FCA has issued advice on their website: “If your firm does identify any cyber-attack they should report to Action Fraud (http://www.actionfraud.police.uk/) or 0300 123 2040 and let their Supervisor(s) know through the usual contact route”.

NCSC Technical Mitigation advice to firms:

The NCSC advise the following steps be performed in order to contain the propagation of this malware:

Author
This email address is being protected from spambots. You need JavaScript enabled to view it.


Related content
Author
This email address is being protected from spambots. You need JavaScript enabled to view it.


Related content