You will no doubt be aware of the ransomware threat currently faced by UK organisations. The National Cyber Security Centre (NCSC) aims to provide advice, guidance and services to help improve the cyber security resilience of organisations in the UK. To help mitigate the threat of ransomware, we recommend that your organisation take the following steps:
- Sign up to the Early Warning service. This free NCSC service uses a range of information feeds to notify organisations of cyber incidents, malicious activity and web-based vulnerabilities on your public-facing domains and IP ranges. Signing up also ensures that NCSC can contact organisations quickly in case of an incident. More information is on their website at https://www.ncsc.gov.uk/information/early-warning-service?referrer=ES308.
- Read this guidance: ‘Mitigating malware and ransomware’.
The NCSC urges all organisations to read and follow our guidance on mitigating malware and ransomware. This advice was updated in March 2021 and details a number of steps organisations can take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks. This includes a wide range of actions that you can take to minimise the impact of a ransomware attack. We appreciate that acting on all the recommendations could be an involved operation, so if you want to do something right now, we recommend that you consider the steps below in the first instance.
- Back up your key data
What would you do if your business files were lost to ransomware? To get back up and running, we recommend offline backups, which enable quick restoration of business functions. Good backups make getting back to business quicker, with less long-term impact. In addition to encrypting files on your computers, ransomware attackers will often attempt to corrupt or alter existing backups. Offline backups are your best defence and mean that encrypted devices can be wiped and restored from the offline backups.
Offline backups (cloud or disconnected physical media) are backups where the data is protected from accidental or malicious deletion; they should also offer version retrieval. If you lose access to your files due to ransomware, you can protect against this by recovering from an earlier version (if a backup has been completed since the attack) and by preventing deletion of backups.
We recommend that you follow the blog on offline backups: https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world
- Disable Remote Desktop Protocol (RDP) – where possible
RDP account compromise is the source of 50% of ransomware attacks. Where possible, we suggest you turn off RDP. In order to do that, you need to understand if you have it. NCSC’s Early Warning service will help you find out, and provides many other benefits. If you identify RDP and didn't know it was on, turn it off.
If you have to use RDP, we recommend using Multi-Factor Authentication and following the guidance at https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services. Make sure you follow the principles of Privileged Access Management (PAM): https://www.ncsc.gov.uk/blog-post/protecting-system-administration-with-pam and https://www.ncsc.gov.uk/collection/connected-places-security-principles/managing-your-connected-place/managing-your-connected-places-privileges
Make sure that the accounts that are allowed to use it have unique passwords - try #3randomwords https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0?referrer=ES308
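One way to find out whether RDP is switched on for a single Windows machine, as an added example that is not NCSC tooling or part of the original guidance. It assumes the built-in Windows firewall and TCP cmdlets and the English firewall group name 'Remote Desktop', and it reports on the local host only, not on what is reachable from the internet.

```powershell
# Added example: read-only report of the local RDP configuration.
# Paths and value names are the standard Windows Terminal Services registry settings.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction SilentlyContinue
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # fDenyTSConnections = 0 means connections are allowed.
    # A value set by Group Policy overrides the local setting.
    $deny = if ($null -ne $pol.fDenyTSConnections) { $pol.fDenyTSConnections }
            else { $ts.fDenyTSConnections }

    # The listener port can be moved away from the default, so read it rather than assume it.
    $port = if ($rdp.PortNumber) { $rdp.PortNumber } else { 3389 }
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    # Inbound rules in the built-in "Remote Desktop" group that are currently enabled.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        RdpEnabled       = ($deny -eq 0)
        SetByGroupPolicy = ($null -ne $pol.fDenyTSConnections)
        ServiceStatus    = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        Port             = $port
        PortListening    = $listening
        NlaRequired      = ($rdp.UserAuthentication -eq 1)  # Network Level Authentication
        FirewallRulesOn  = $rules.Count
    }
}

Get-RdpExposure | Format-List

# To turn RDP off after reviewing the report (requires an elevated session), uncomment:
# Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

If `SetByGroupPolicy` is true, the setting has to be changed in the policy itself, because the local registry value will be overridden.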
- Sign up for Exercise in a Box
We recommend signing up for the NCSC’s free exercising tool and having a look, in particular, at the Ransomware and Supply Chain exercises: https://www.ncsc.gov.uk/information/exercise-in-a-box?referrer=ES308
If you would like to keep informed of relevant products and services from NCSC please subscribe to our small organisation newsletter here: https://ncsc-production.microsoftcrmportals.com/SME_News/
For more information please see our web page www.ncsc.gov.uk or get in touch.