Cybersecurity – additional ransomware guidance

Latest news from the National Cyber Security Centre around ransomware


You will no doubt be aware of the ransomware threat currently faced by UK organisations. The National Cyber Security Centre (NCSC) aims to provide advice, guidance and services to help improve the cyber security resilience of organisations in the UK.

To help mitigate the threat of ransomware we would recommend that your organisation take the following steps:

Sign up to the NCSC’s Early Warning service

This free NCSC service uses a range of information feeds to notify organisations of cyber incidents, malicious activity and web-based vulnerabilities on your public-facing domains and IP ranges. Signing up also ensures that NCSC can contact organisations quickly in case of an incident. More information is on the NCSC's website.

Read the guidance

The NCSC urges all organisations to read and follow its guidance on mitigating malware and ransomware. This advice was updated in March 2021 and details a number of steps organisations can take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks.

This includes a wide range of actions that you can take to minimise the impact of a ransomware attack. We appreciate that acting on all the recommendations could be an involved operation, so if you want to do something right now, we recommend that you consider the steps below in the first instance.

Back up your key data

What would you do if your business files were lost to ransomware? To get back up and running we recommend offline backups – this will enable quick restoration of business functions. Good backups make getting back to business quicker with less long-term impact.

In addition to encrypting files on your computers, ransomware attackers will often attempt to corrupt or alter existing backups. Offline backups are your best defence and will mean encrypted devices can be wiped and restored from offline backups.

Offline backups (cloud or disconnected physical media) are backups where the data is protected from accidental or malicious deletion; they should also offer version retrieval. If you lose access to your files due to ransomware, version retrieval lets you recover from an earlier version if a backup has been completed since the attack, and you should also prevent deletion of backups.

We recommend that you follow this blog on offline backups.

Disable Remote Desktop Protocol (RDP) where possible

RDP account compromise is the source of 50% of ransomware attacks. Where possible we suggest you turn off RDP. In order to do that you need to understand if you have it. NCSC’s Early Warning service will help you know and provide many other benefits. If you identify RDP and didn't know it was on, turn it off.

If you have to use RDP we recommend using multi-factor authentication and following this guidance.

Make sure you follow the principles of privileged access management (PAM) and the guidance on managing your connected places privileges.

Also make sure that the accounts that are allowed to use RDP have unique passwords – try three random words.

Sign up for Exercise in a Box

We recommend signing up for the NCSC’s free exercising tool and having a look in particular at the ransomware and supply chain exercises.

To keep yourself informed of relevant products and services from NCSC, subscribe to its small organisations newsletter.

For more information, please see ncsc.gov.uk.

To access further ACCA and partner guidance and resources, please see our cybersecurity support packages.