As widely reported in the press this afternoon, there has been a significant wave of ransomware affecting a large number of NHS bodies and their access to data held on computer systems. NHS Digital has stated that it is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and recover swiftly and effectively. These span several aspects of IT operations and security and primarily relate to:
Robust business continuity planning and exercising and the ability to restore rapidly from backups;
Crisis and incident response planning and exercising to ensure incidents are managed to resolution swiftly;
Strong security hygiene policies and user awareness to prevent ransomware entering your IT environment through both technical controls and vigilant employees; and,
Rigorous patch and vulnerability management ensuring you make effective use of work already done to address vulnerabilities.
Priority Recommendations for management and IT colleagues to consider, subject to also considering the operational impacts of making these changes:
Provide your desktop and server IT operations teams with all the support they need to rapidly deploy Microsoft’s April and May security updates, along with MS17-010;
Accept that addressing issues may require temporary disruption to some services on your IT estates as additional controls are implemented and vulnerable services disabled – for example disabling the SMBv1 protocol and the ability to execute unsigned macros in Office documents, and enabling two-factor authentication for all external access to systems (e.g. VPN and RDP).
PwC never recommends paying a ransomware ransom - unless there is a threat to life. Doing so fuels the ransomware economy, funding development of additional ransomware techniques and campaigns.
For any enquiries please contact Tasos Procopiou at firstname.lastname@example.org