JFSC issues cyber security guidelines following attack

Tuesday 04 July 2017

The JFSC has released guidance for local companies to protect their data following the recent Petya/NotPetya ransomware outbreak.

The JFSC is already working with a number of firms who have fallen victim to the latest outbreak and has called for local financial service providers to contact them if they have been affected.

The Petya/NotPetya ransomware is designed to encrypt the file system of an infected Windows system and to deny users access to data. It also recodes the master boot record of the computer to display a ransom demand for $300 in bitcoins. The ransomware is also designed to spread aggressively within local network environments.

The JFSC has been informed of further variants of the malware circulating locally via phishing emails. Companies are being advised to follow these steps to help protect their organisation:

  • Back up important data offline and test the backups;
  • Ensure ransomware cannot spread to backup systems;
  • Keep your organisation’s security software patches up-to-date and upgrade security promptly and regularly. Microsoft released a security update in March which addresses the vulnerability this ransomware appears to exploit. Organisations that have not yet applied this security update, as well as those running a legacy version of Windows, should consider upgrading immediately;
  • Remove or disable unnecessary network services, particularly the Server Message Block network protocol, to reduce the potential attack surface;
  • Use up-to-date antivirus software services;
  • Do not download files or programs from unknown sites or sources. Request authorisation from your IT department before downloading software to the company network;
  • Think before you click. Employ extreme caution regarding emails, links or websites. If you do open an email or click a link you think is suspicious, inform your IT or security department immediately;
  • Reduce access rights to authorised personnel only;
  • Report, but do not forward, suspicious emails to your IT or security departments;
  • Be vigilant when opening attachments;
  • Never pay the ransom: there is no guarantee that cybercriminals can or will unlock files and payment only further motivates and finances attackers to expand their ransomware campaigns.

The JFSC has also recommended that companies sign up to become members of the Cyber Security Information Sharing Partnership (CiSP), a secure joint industry and UK Government initiative for exchanging cyber-threat information. Membership gives full access to the UK Financial Services Cyber Incident Response Framework and provides vital threat information.

 
