A new wave of the WanaCrypt0r ransomware (a WannaCry variant) has been affecting a significant number of organisations across a wide range of target industries. Several victims have already been named in open source, including multiple NHS Trusts in the UK, and Telefónica, the Spanish telecommunications provider.
Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this scourge, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and to recover swiftly and effectively.
These span several aspects of IT operations and security and primarily relate to:
Robust business continuity planning and exercising – ensuring that individual user systems and key servers can be restored rapidly from backups, and that the frequency of backups aligns to the timeframe of data your organisation is prepared to lose in the event of any system being rendered unusable;
Pat Moran, PwC Cyber Leader, said: "Executives should ensure that desktop and server IT operations teams are provided with all the support they need to rapidly deploy Microsoft’s April and May critical security updates, along with March’s MS17-010 security update. They should also understand that IT operations teams, on the recommendation of their security team, may need to cause temporary disruption to some services on IT estates as additional controls are implemented and vulnerable services disabled."
Leonard McAuliffe, Director, PwC Cyber Practice added: "Ensure your IT teams have taken action to, or develop plans including to disable the use of the SMBv1 network file sharing protocol across the entirety of your IT estate; disable the ability to execute unsigned macros in Office documents, using group policy settings (and sign legitimate macros from your own organisation); ensure two factor authentication is in place for all external access to systems (e.g. VPN and RDP); and identify and prevent all systems without the MS17-010 security update from connecting to core corporate networks, and segment guest networks from all ability to access core corporate networks.
Pat Moran advised companies: "Do not pay ransomware ransom – unless there is a threat to life. Doing so fuels the ransomware economy, funding development of additional ransomware techniques and campaigns."
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
©2017 PwC. All rights reserved