Right now, the NHS is suffering a massive Cyber Attack which is taking systems down around the country. As well as being a personal concern for many, this comes after what seems like a massive increase of these threats this past week. The NHS attack looks to be a ransom ware infection at this time
Could I please ask you to make all your teams aware of this current increased threat level. Having worked within the NHS for many years I can tell you they do take their security very seriously indeed, and this will likely prove to be the result of emails opened containing infected attachments or links. User awareness is very important at all times, but especially so right now.
Over the past 6 months, a type of email fraud has come to the fore which has started to provoke concern …. and rightly so. Increasingly, we are seeing instances within our customer base and because they appear to emanate from the CEO or CFO, often pass through spam filters with ease.
Please be aware that a new infection technique is doing the rounds; targeting Google Chrome users. The “font wasn’t found” message that appears if you land on certain websites encourages the user to download the "missing" font. Do not download and install .. it’s a trap!
Hackers are targeting genuine but poorly maintained or secured websites, changing the code, and simply visiting an infected site can cause this prompt to appear This infection method has been reported to install ransomware Trojans.
Please make your staff aware of this threat.
Every week seems to bring news of high profile cases of new ransom-ware attacks. Its nasty stuff; nasty enough that the US and Canadian authorities yesterday issued a rare joint cyber alert warning about the upsurge in attacks.
The plague doesn't seem to be going away anytime soon. Enabling the ransom-ware plague is the fact that many businesses and individuals seem to be casual in their habits and unaware of the risks; sometimes over reliant on technical measures to provide safety.
I may be labouring the point (and please forgive me for this), but the advice remains the same:
- Ensure your antivirus is running. Be alert for warnings. Don't cancel scans just because it is inconvenient or slowing you down
- If Windows is prompting to restart to apply updates; don't delay
- If you suspect something odd is happening; report it
- Be VERY wary of email attachments, links in emails, websites you don't know and software offered for free
- Educate your team on the risks; any system is only as strong as its weakest link
- If you havent got regular backups; get some. In the event of a ransomeware attack this may be your only route out of trouble
For those who haven't already downloaded it, we have a free information sheet for staff available for download here (irony alert ... but I can assure you it is safe)