Following the widespread ransomware outbreak yesterday please read the below advice to ensure your organisation is protected from this threat.
We strongly advise that you install the relevant security updates on all servers and endpoint devices.
Install the latest Microsoft security patches as a priority
This vulnerability can allow a remote attacker to execute malicious code and has led to widespread ransomware infections across computers running the Microsoft Windows operating systems which do not have the latest security updates installed.
Microsoft have released a patch which you should install immediately to prevent the vulnerability from being exploited. In order to work out which patch to install for your specific environment, please refer to this Microsoft Security Bulletin.
Patches for legacy operating system now available
Microsoft have released a patch for legacy operating systems including Windows XP, Windows 8.0 and Server 2003. Microsoft have made an exception to their usual policy and have released a security update to these platforms which will help to protect these systems from being compromised. Legacy updates can be obtained here.
Stopping the spread of infection
The ransomware worm spreads via the SMB v1 protocol, a legacy communication method particularly used by older devices and systems, therefore for infected organisations disabling this protocol across your environment will halt the spread of the ransomware. Information on how to do this via group policy is available here.
However, please be aware that for a number of organisations, this will impact older systems which use this protocol (factory machines, legacy applications etc) so care and a risk assessment is advised and we’d recommend this should be employed only when endpoint device patching is not possible.
Monitor Anti-Malware compliance
Updates have now been released by a number of anti-virus vendors and therefore we recommend you ensure you have installed the latest update files on all your endpoint devices.
Be vigilant when opening attachments
The attackers are believed to be targeting organisations via phishing emails with a malicious DOC/PDF attachment and therefore advising users not to open attachments unless they’ve been received from a trusted source is the key message to the user community.
The National Cyber Security Centre has provided additional guidance for organisations to guard against this threat which can be found here: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
We'll continue to provide any further updates when available. Should you need further information or assistance please contact our helpdesk on 0345 094 0945 or email firstname.lastname@example.org