Attempts to attack organisations beyond the National Health Service (NHS) are known so if you believe your organisation may be affected, do follow and implement this guidance.
There are two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question. It will be updated as and when further mitigations become available. Updates will be announced on Twitter and elsewhere.
Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though there is no specific evidence that this is the case. What is certain is that ransomware attacks are some of the most immediately damaging forms of cyberattack that affects home users, enterprises and governments equally.
There are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks. These simple steps to protect against ransomware are not being applied by either the public or organisations as thoroughly as they should be.
Three simple steps for companies to undertake which are also set out on the NCSC website and can be summarised as follows:
1. Keep your organisation's security software patches up to date
2. Use proper anti-virus software services
3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.
Home users and small businesses can take the following steps to protect themselves:
1. Run Windows Update
2. Make sure your AntiVirus product is up to date and run a scan – If you don’t have one install one of the free trial versions from a reputable vendor
3. If you have not done so before, this is a good time to think about backing important data up – You can’t be held to ransom if you’ve got the data somewhere else.
In the days ahead, the NCSC, working closely with the National Crime Agency in support of their criminal investigation, and with international partners in both other governments and the commercial sector, are working round-the-clock to get ahead of this threat and prevent further disruption.