Cybersecurity Advisory: Update on Global Ransomware Attack

On Tuesday, June 27, 2017 another ransomware outbreak occurred and has since compromised   thousands of computer systems across the world.  This attack, which comes a mere 6 ½ weeks after the previous WannaCry ransomware attack, has crippled companies in the UK, USA and Europe.  This may be an indication that many computer systems are still vulnerable to this type of attack and not enough is being done to protect them.  It is crucial that we learn from the experiences of affected companies and take the necessary precautions to ensure that your organisation does not suffer a similar fate.

 

To protect your information assets, Guyana National Cybersecurity Incident Response Team (GNCIRT) advises that IT personnel take the following precautionary actions:

  • Verify whether the SMBv1 service is running on any external servers. If so, consider immediately deactivating same if it is not mission critical.
  • Confirm the following set of patches from Microsoft have been applied throughout your agency. If not, you should immediately test and apply them. Patches can be found at the following location:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?utm_campaign=Petya%2FNotPetya%20Ransomware%20Prospect%20Email%20-%206.27%20-%20Blast%202&utm_medium=email&utm_source=Eloqua

 

In an effort to safeguard computers and your network from Ransomware attacks, the following recommended actions are to be performed on an ongoing basis:

  • Keep up-to-date: Ransomware is a constantly evolving threat. It is important to keep up-to-date with new developments.  This includes, but is not limited to, conducting cybersecurity awareness sessions for all employees.
  • Impose and enforce strict employee practices:

– Implement web filtering policies to prevent visits to malicious or compromised websites.

– Avoid the installation of web browser extensions and plug-ins not required for work activities.

– Do not click spontaneously on links embedded in emails.

– Delete spam emails permanently from mailboxes.

– Beware of phishing sites and traps.

– Do not install any unlicensed or unauthorized software.

– Avoid downloading free software, games, music, movies, etc., as they can contain malicious code.

  • Update software and patch vulnerabilities: Ensure that software and operating systems are up-to-date with security patches.  This includes web browsers and plugins.
  • Use security software tools: Ensure all computers and servers are equipped with active and adequately configured antivirus and other intrusion detection software. Ensure that alerts produced by security tools are proactively monitored and addressed.
  • Onsite and offsite backup: Store, maintain and backup data and configurations regularly. Keep current copies of backup data offsite and inaccessible to live computer systems.

 

For further information and support, please contact GNCIRT at 231-8820 ext. 221 or 222; or info@cirt.gy.