The NCSC's Latest Statement Regarding the International Cyber Incident

The National Cyber Security Centre (NCSC)The latest statement from the National Cyber Security Centre (NCSC), the UK's authority on cyber security:
Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale. Our national focus must therefore be on two lines of defence.

The first is to limit the spread and impact of the attacks that have already occurred. Due to broad government and partner efforts, a variety of tools are now publicly available to help organisations to do this. This guidance can be found on our homepage - ncsc.gov.uk - under the title 'Protecting Your Organisation From Ransomware'.

We know already that there have been attempts to attack organisations beyond the National Health Service. It is therefore absolutely imperative that any organisation that believes they may be affected, follows and implements this guidance.

We have set out two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question. It will be updated as and when further mitigations become available and we will announce when updates have been made on Twitter (@ncsc) and elsewhere.

Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though we have no specific evidence that this is the case. What is certain is that ransomware attacks are some of the most immediately damaging forms of cyber attack that affects home users, enterprises and governments equally.

It is also the case that there are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks.

These simple steps to protect against ransomware could be applied more thoroughly by the public and organisations

Companies can undertake three simple steps which are also set out on our website and can be summarised as follows:

1. Keep your organisation's security software patches up to date
2. Use proper antivirus software services
3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.

Find the guidance here.

Home users and small businesses can take the following steps to protect themselves:

1. Run Windows Update
2. Make sure your antivirus product is up to date and run a scan - if you don't have one install one of the free trial versions from a reputable vendor
3. If you have not done so before, this is a good time to think about backing important data up - you can’t be held to ransom if you’ve got the data somewhere else.

Find the guidance here.

In the days ahead, the NCSC, working closely with the National Crime Agency in support of their criminal investigation, and with international partners in both other governments and the commercial sector, will continue our round-the-clock effort to get ahead of this threat. We would like to reassure the public that resources from the Government, law enforcement and public and private sector organisation are working together to manage further disruption from the current attack and to increase protection against any further attacks in the coming days. The country's security and law enforcement agencies are working round the clock to protect the public. Private sector efforts have made a very significant contribution to mitigate the cyber attacks so far and to prevent further disruption.

In this video, NCSC Chief Executive Officer Ciaran Martin talks to Newsnight’s Editor Ian Katz about defending Britain from cyber attack.

About NCSC
The National Cyber Security Centre (NCSC) is the UK's authority on cyber security. We are a part of GCHQ. The NCSC brings together and replaces CESG (the information security arm of GCHQ), the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).

The NCSC has access to some of the most sophisticated capabilities available to government. We acknowledge the sensitivity of these resources, whilst working to make the benefits of our expertise as widely available as possible.

Most Popular Now

Virtual Humans Help Aspiring Doctors Lea…

For medical student Katie Goldrath, the first time delivering difficult health news came when she had to tell a young woman named Robin and her mom, Delmy, that Robin had...

Read more

'Smart Contact Lens Sensor' for Diabetic…

A recent study, affiliated with Ulsan National Institute of Science and Technology (UNIST), South Korea, has proposed the possibility of in situ human health monitoring simply by wearing a contact...

Read more

2017 eHealth Competition Awards SilverCl…

The eHealth Competition is an initiative that rewards the best digital health solutions produced by SMEs across Europe. This edition has been supported by Astrazeneca, Ship2B and Younoodle. This competition...

Read more

ECDC Report Shows Strong Potential of E-…

Twenty one EU/EEA countries have developed or are in the process of developing systems to digitally record information about vaccination, according to a new "ECDC survey report on immunisation information...

Read more

Devicare Raises 3 Million Euros in its C…

Devicare, a company specializing in innovative medical devices for chronic home care patients under Remote Patient Monitoring (RPM), has closed out a seed round of 3 million euros. This funding...

Read more

Successful Conclusion to conhIT 2017, th…

25 - 27 April 2017, Berlin, Germany. As conhIT, which took place from 25 to 27 April in Berlin, came to a close, 500 exhibitors, 9,500 participants from around the world...

Read more

Compiling Big Data in a Human-Centric Wa…

When a group of researchers in the Undiagnosed Disease Network at Baylor College of Medicine realized they were spending days combing through databases searching for information regarding gene variants, they...

Read more

Scopis Introduces the First Mixed-Realit…

Scopis, a company specializing in surgical navigation and medical augmented and mixed reality technologies, announced today the launch of its newest development, the Holographic Navigation Platform for use in surgery...

Read more

IMS MAXIMS Launches Vital Signs Mobile A…

Clinical technology specialist IMS MAXIMS will be launching its fully integrated vital signs application at eHealth Week on 3rd and 4th May in Olympia, London. Delegates will be the first...

Read more

Immunisation Information Systems in the …

Immunisation information systems (IIS) are defined as confidential, population-based, computerised databases that record all immunisation doses administered by participating providers to persons residing within a given geopolitical area. At the...

Read more

Abbott Announces CE Mark and First Use o…

Abbott (NYSE: ABT) today announced CE Mark and first use of the new Confirm RxTM Insertable Cardiac Monitor (ICM), the world's first smartphone compatible ICM that will help physicians identify...

Read more

Using a Smartphone to Screen for Male In…

More than 45 million couples worldwide grapple with infertility, but current standard methods for diagnosing male infertility can be expensive, labor-intensive and require testing in a clinical setting. Cultural and...

Read more