Ransom package: WannaCry

On May 12 2017 a ransomware package known as “WannaCry” appeared in the news. This program targets Windows systems using various vulnerabilities and exploits them to propagate itself across networks. A number of networks were affected, including the NHS in the UK. In some cases the program proceeds to encrypt data and then demands a payment to provide an unlocking key. It also threatens to permanently delete the encrypted data if the payment is not made within a limited amount of time. Without the unlocking key it is impossible to decrypt the data.

Microsoft has issued a security advisory and update for all supported operating systems (Windows Vista SP2 onwards) which is delivered via Windows Update or from links provided on the information page located at:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Microsoft also released a patch for Windows XP and Windows Server 2003. This can be downloaded from the following address:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

The providers of anti-virus and malware packages have also provided updates to protect systems against this package.

CRB Cunninghams recommends that all Impact client PCs – Point of Sale (PoS), revaluation unit controllers, preorder kiosks and back office PCs use only a supported version of Windows and that those installations are regularly updated. Details on which versions of Windows are currently supported as well as end of life details are available here:
https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet

CRB Cunninghams also recommends that (where possible) Impact client PCs are provided with an anti virus and malware package which is also regularly updated. Please make sure when configuring your anti-virus system that scheduled updates and scans are performed outside the core service periods.

As many of our systems and client devices are installed within client networks (without internet or network access in some cases), we do not provide automatic updates or anti-virus and malware protection for client devices running our software – as we are unable to guarantee that these devices can be patched and updated reliably. We are prepared to assist in protecting those devices with our clients’ IT departments by providing them with any information required via the CRB Cunninghams helpdesk support service.

To enhance the security of your system, as a minimum you should check the following:

  • All client installations (PoS, Revaluation units, pre-order kiosks etc.) should be running Windows 7 as a minimum operating system.
  • Where Windows XP is used, they should be immediately patched with the update link above, and upgraded to Windows 7 or later as soon as possible.
  • All host PCs (Kitchen PCs, back office PCs etc.) should be Windows 7 or later and should include Patches and Security updates. These machines are sometimes used for other purposes (e.g. Office) and therefore should include an anti virus & malware package which is updated regularly.
  • Host PCs should disable SMB V1 – instructions for IT professionals are included in the links above. Please note that disabling SMB V1 may prevent some XP based clients from connecting even if they have been patched.

For further information or assistance, please contact our helpdesk on the numbers below or email  support@crbcunninghams.co.uk.

Scotland, NE England & Cumbria, & N.Ireland
Our Support number is:
0131 440 6106

 

England & Wales
Our Support number is:
0333 014 3064