[Owasp-cambridge] WannaCrypt Advice from Cambridgeshire Police

Adrian Winckles adrian.winckles at owasp.org
Thu May 18 10:12:57 UTC 2017


Most of you will now know about the ransomware attack that occurred last
Friday. Below is some advice on what to do next (whether or not you were
directly affected by the attack):

There are some direct advice links below for:

·        The Home User
·        The Enterprise User
·        General advice from the NCA.

The advice can also be found by going directly to the National Cyber
Security Centre’s (NCSC) or Microsoft’s site.

Microsoft have advised their customers that “This ransomware can stop you
from using your PC or accessing your data. Unlike other ransomware,
however, this threat has worm capabilities.” and
“The exploit code used by this threat to spread to other computers was
designed to work only against unpatched Windows 7 and Windows Server 2008
(or earlier OS) systems. The exploit does not affect Windows 10 PCs.”


Prepare:
o   Understand the technical estate (network) that you are responsible for,
and patch all software on all systems within. Microsoft have also now
released a patch for legacy Windows XP systems relevant to this malware.
o   NCSC have also released additional defence steps relevant to the
enterprise network defender.
o   Use Anti-Virus software at all times and ensure that it too is updated.
o   Backup your system or critical data to a storage device that is not
within the same network. Consider cloud storage options where suitable.
o   If you believe that you have been a victim of a ransomware attack,
report it to your Local Police and in turn Action Fraud.

Master Level Guidance for use as reference:

·       Main NCSC Statement:
https://www.ncsc.gov.uk/news/statement-international-ransomware-cyber-attack

·        General advice on how to protect yourself from ransomware:
https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

·       General NCSC advice on patching systems: patch your systems

·       Specific NCSC work with Tech community on mitigating this malware:
https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0

·       Guidance for home users:
https://www.ncsc.gov.uk/guidance/ransomware-guidance-home-users

·       Guidance for enterprise:
https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators


Important info from Industry Partners to be used as reference:
·        MS description of malware:
https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

·       Also from MS who have published a relevant patch for XP:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/