Following the ransomware cyber attack on Friday 12 May which affected the NHS and other organisations in the UK and globally, Gloucestershire Police have some security advice to help individuals and businesses protect themselves from this type of malware attack. At present Action Fraud, the UK’s national fraud and cybercrime reporting centre, have not reported an increase in new attacks but there is a concern that attacks could escalate on Monday when businesses return to work.
The key messages for businesses include:
- Install system and application updates on all devices as soon as they become available.
- Install anti-virus software on all devices and keep it updated.
- Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.
- Further information and specific advice about how to protect your business from the “Wcry” or “WanaDecrypt0r” ransomware can be found at the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) http://www.nationalcrimeagency.gov.uk/ and https://www.ncsc.gov.uk/ You can also follow their advice/alerts on their Facebook and Twitter feeds
Key messages for individuals are the same as for businesses, plus:
- Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store as they offer better levels of protection than some third party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.
Criminals use opportunities like this to further defraud people using 'phishing' and 'smishing' tactics. We would therefore urge people to be cautious and wary when contacted by people who claim to be from the NHS in relation to the ransomware attack.
The advice to protect against ‘phishing’ and ‘smishing’ emails includes:
- An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you recognise, you should still exercise caution; particularly if the texts are asking you to click on a link or call a number.
- Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or to transfer your money to another account.
Any individuals or businesses who believe they have been a victim of the ransomware attack or other type of fraud attack are urged to report it to Action Fraud athttp://www.actionfraud.police.uk/ where you can also find information on how to protect your data and devices and what to do if infected.