Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. For this reason, we have been educating our customers through our recent communications and our webinar that many of you attended. Little did we realise that we would see a ransomware variant spread so rapidly and affect so many organisations as the attack that started on Friday 12th May has demonstrated.
You will have seen the headlines over the weekend that this ransomware variant has impacted far-flung organisations such as the hospitals and clinics run by the British National Health Services, Chinese Universities, Hungarian and Spanish Telecoms.
Affected Microsoft products include:
· Windows Vista
· Windows Server 2008
· Windows 7
· Windows Server 2008 R2
· Windows 8.1
· Windows Server 2012 and Windows Server 2012 R2
· Windows RT 8.1
· Windows 10
· Windows Server 2016
· Windows Server Core installation option
Microsoft released a critical patch for this vulnerability in March in Microsoft Security Bulletin MS17-010 which we strongly advise that you apply on all affected nodes of the network immediately.
The patch for 2003, XP and Windows 8 machines can be found here.
We also recommend that users and organisations take the following preventive measures:
- Establish a regular routine for patching operating systems, software, and firmware on all devices.
- Deploy IPS, AV, and Web Filtering technologies, and keep them updated. Back up data regularly. Verify the integrity of those backups, encrypt them, and test the restoration process to ensure it is working properly.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Schedule your anti-virus and anti-malware programs to automatically conduct regular scans.
- Disable macro scripts in files transmitted via email. Consider using a tool like Office Viewer to open attached Microsoft Office files rather than the Office suite of applications.
- Establish a business continuity and incident response strategy and conduct regular vulnerability assessments.
The security of our customers’ systems is of upmost importance. Our team are at your disposal to offer you advice on protecting your systems and people. If you have any concerns, or would like further clarification about this statement and the recommendations we have suggested then please contact our technical support team who will be only too happy to help on 01189 186824.