Ransomware Incident Protect Alert
Following the global ransomware Cyber Attack on Friday 12 May which has had a dramatic effect on the computer systems of NHS Trusts across the country, Essex Police Cyber Crime Unit is issuing this URGENT ALERT to all businesses and individuals for guidance to protect themselves now and in the future.
The National Cyber Security Centre’s technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware
Key Protect advice for individuals
How to prevent a ransomware attack
- Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your data forever. It’s best to create two back-up copies: one to be stored in the cloud (preferably use a service that makes an automatic backup of your files) and one to store physically – which you should disconnect and store separately when you are done.
- Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
- Keep all software on your computer up to date. When your operating system or applications release a new version, install it, and if the software allows automatic updating, use it.
- Trust no one. Any account can be compromised, so malicious emails can be sent from the accounts of friends, colleagues or business contacts. Never open attachments in emails if the source isn’t 100% known and trustworthy, or if it seems strange you’d be receiving them.
- Cyber criminals often send fake email messages that look just like genuine notifications from your bank, an online store, the police, a court or a tax collection agency, luring recipients to click on a malicious link. Never log onto your online banking site or any other site via an email link – fake sites look just like the real thing. Always go to your bank or other company’s login page by typing their web address into your browser.
- Visit only websites you know to be reputable. Don’t click on links in emails, posts, tweets or texts. When online, always be cautious of using links: hovering your mouse over a link will often display the full file path of the page that the link will take you to. Check the spelling, does the file path look authentic?
- Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
- If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
If your computer or mobile device gets locked by ransomware:
- Disconnect it immediately from the internet or other network connections to prevent the infection from spreading.
- If you are suffering a live cyber-attack that is in progress, call Action Fraud, the UK’s national fraud and cyber-crime reporting centre now on 0300 123 2040, do not report using the online tool. The telephone service is available 24 hours a day, 7 days a week for businesses, charities and organisations. Advisors are also available 24/7 on web chat if you have any questions.
- The general advice is to not pay the extortion demand as there are risks with doing so, including exacerbating the crime type and potentially identifying yourself as a repeat target. Also, there is no guarantee that access to your files will be restored if you do pay.
- To detect and remove ransomware and other malicious software that may be installed on your computer, run a full system scan with an appropriate, up-to-date, security solution.
- Seek professional advice from a trustworthy source.
- The site www.nomoreransom.org was launched in 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. It is designed to encourage co-operation between law enforcement and the private sector in combatting ransomware. It contains protective information and a variety of decryption tools which work on some of variants of ransomware.
If you think you’ve been a victim of ransomware or another form of cyber-attack that is no longer live, report it to Action Fraud on 0300 123 2040 or by visiting: www.actionfraud.police.uk