The National Cyber Security Centre (NCSC) is actively collaborating with organizations and partners throughout the UK that have been impacted by the ransomware known as ‘WannaCry’. This page provides guidance for home users and small businesses looking to decrease the risk of falling victim to WannaCry or other forms of ransomware.
- This guidance will be revised as new information becomes available.
- For more comprehensive advice on online protection, visit CyberAware.
Understanding WannaCry
WannaCry is classified as a form of malicious software, specifically ransomware. This type of software renders your data or systems unusable until the victim fulfills a payment demand.
Steps to Safeguard Yourself
There are three key actions you should undertake to secure yourself against ransomware.
1. Update Your Windows Operating System
WannaCry affects only those computers running Microsoft Windows without the latest security updates. If you use a recent version of Windows (specifically Windows 7, Windows 8, Windows 8.1, or Windows 10) and have automatic updates activated, you should be protected against WannaCry.
How to Update Your Windows:
- If you are on a supported version (Windows 7, Windows 8, Windows 8.1, or Windows 10), ensure you run Windows Update and apply any available updates.
- If you are using Windows XP, Windows Vista, or older variants, you can download the WannaCry security update from this link and install it.
Important: We strongly advise against the use of unsupported operating systems; instead, consider upgrading to one that receives regular vendor security updates.
2. Run Antivirus Software
- Ensure your antivirus software is active and up to date. Windows comes with a built-in malware protection tool called Microsoft Defender, which is effective for this purpose.
- Conduct a full scan of your system to ensure it is free of known malware.
3. Maintain a Secure Backup of Your Crucial Files
- Regularly create backup copies of critical files (like photos and documents that can’t be replaced). If you have backups available, you will not be held to ransom.
- This backup must be stored separately from your computer. If it is on removable media such as a USB stick or external hard drive, ensure it is not left connected or accessible over your network to prevent ransomware attacks.
- Consider utilizing cloud services for file backups. Many providers, including email services, offer free cloud storage space.
Actions to Take If Infected by Ransomware
The National Crime Agency (NCA) urges anyone who suspects they have experienced online fraud to reach out to Action Fraud at www.actionfraud.police.uk.
If a small business has been impacted by ransomware and is concerned about further spreading within their network, the following steps may assist:
- Immediately disconnect your computer, laptop, or tablet from the network and disable Wi-Fi.
- Safely format or replace your disk drives.
- While still disconnected, connect this computer directly to the Internet.
- Update the operating system and all relevant software.
- Install, update, and run antivirus software.
- Re-establish your network connection.
- Monitor network activity and/or run antivirus scans to determine if any infection persists.
Files that are encrypted through the WannaCry attack can only be decrypted by the attacker; do not waste your resources on services that claim otherwise.
Should You Pay the Ransom?
The NCA advises both the industry and the public not to pay the ransom. Reasons include:
- No guarantee of regaining access to your data.
- Your system will remain infected unless thorough cleanup is undertaken.
- You would be financially supporting criminal entities.
Article has been taken from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/wannacry-guidance-for-home-users-and-small-businesses
