NHS Ransomware Attack 12th May 2017

Here’s a copy of an email sent to our maintenance customers following the high-profile 12th May ransomware attacks which affected a number of NHS services.

Important – please read and distribute to all computer users.


You will no doubt be aware that on Friday the NHS as well as the rest of the world was affected by a large ransomware attack. There are concerns that further damage will be done on Monday as people open computers for the first time since the attack started.


We therefore urge you to read and understand more about this type of threat and how best to protect your business from falling victim to cybercriminals.


There’s a lot of information to disseminate so please take some time to read through this briefing. I’ll try to order this so the most important information is first.


Most importantly – How to stay safe this week and in the future

  1. Be very careful about opening email attachments, especially from people you don’t know, or attachments you aren’t expecting.
  2. If you double-click to open an attachment and then you need to click again for it to open – it’s probably malware.
  3. Be aware that a message may say it is from one person when in fact they didn’t send it. Email spoofing is trivial.
  4. If you see suspicious activity, switch the computer off immediately – pull the plug out if you have to. Hold the power button for 10 seconds on laptops. The sooner you can contain the damage the better.


What to look out for

  1. Your files won’t open
  2. Files no longer have the correct Word / Excel / PDF etc icon
  3. Messages from the Antivirus system about threats being found – especially if more than 1 alert is seen
  4. Messages on your desktop, the normal wallpaper picture is changed and tells you that your files have been encrypted
  5. Windows may not load up correctly


How we’re keeping you safe

Lansalot implement a number of techniques for our maintenance customers, both preventative and preparatory, to help ensure the criminals don’t benefit from your hard-earned cash.

  1. Antivirus scanning at the email server, before the email reaches your desk
  2. Antivirus on the computer – also helps protect from infections via USB sticks, CDs, and internal network attacks
  3. Backups of data, and regular checking that backups are working correctly
  4. Over the coming days we will be double-checking that the Microsoft update which patches the exploit being used in these attacks is installed on all of your systems.
  5. Over the coming weeks we’ll be making recommendations to better secure your systems in general.

BUT as with many systems there is a weak link, and the weak link is most often the people who use it.


How to be safer

  1. Be smarter – be very aware of what you’re opening on your computer and that no protection system – no matter how well designed and maintained – is completely infallible.
  2. Don’t be the weak link – most often these attacks and malware rely on some social engineering technique to trick a human into initiating or agreeing to something they don’t fully understand.
  3. Have more backups in more places – cloud backup is a great option because it is not locally connected, and so beyond the reach of ransomware – for now.
  4. Stop sending zip files and other potentially malicious file-types through email. This can be a pain when customers and suppliers are trying to email legitimate documents this way, but there are other ways to exchange legitimate documents.
  5. Ensure passwords are not easy to guess or simple for automated systems to find. Longer passwords are better, ideally 10 characters – but something like “SpitfireSam+2020” is much harder to guess or brute-force than “Pa$$w0rd123” even though this password would meet many password complexity requirement policies.
  6. Passwords part 2 – You may think a password only lets you into your computer, which is safely locked in your office at night – so ‘admin’ is fine as a password, right – because nobody can get to your computer at night? That same password may be enabled by default to allow remote access to the company server or other services (e.g. email or VPN access), whether you use them or not. Consider that your password may give someone access to more than just your PC or email. Hackers are patient, they will keep trying, and they only need to be lucky once.
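
For the technically minded, the point about “Pa$$w0rd123” can be shown with a short check. This is an added example, not part of the original email and not a tool we supply: the complexity policy, the small word list and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of base words found in any guessing wordlist (not a real breach list).
COMMON_BASES = {"password", "admin", "welcome", "letmein", "qwerty"}

# Character swaps that password-guessing rules undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "i", "!": "i", "3": "e", "7": "t"})

def meets_complexity_policy(pw, min_len=8):
    """Typical policy (assumed): minimum length plus upper, lower, digit and symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)

def guessable_base(pw):
    """Return the common word the password is built on, or None."""
    core = re.sub(r"[\d\W_]+$", "", pw)   # drop a suffix such as '123' or '+2020'
    core = core.lower().translate(LEET)   # undo swaps: 'pa$$w0rd' -> 'password'
    return core if core in COMMON_BASES else None

def assess(pw):
    """Combine both checks: a password can pass the policy and still be guessable."""
    policy_ok = meets_complexity_policy(pw)
    base = guessable_base(pw)
    return {"policy_ok": policy_ok,
            "built_on": base,
            "acceptable": policy_ok and base is None}

if __name__ == "__main__":
    # The three passwords mentioned in points 5 and 6 above.
    for candidate in ("Pa$$w0rd123", "SpitfireSam+2020", "admin"):
        print(candidate, assess(candidate))
```

Both “Pa$$w0rd123” and “SpitfireSam+2020” pass the complexity policy, but only the first reduces to a dictionary word once the symbol swaps and the trailing digits are removed.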


For decision makers – how we can help your business stay safer

We have a list of steps we can implement to make it very difficult for ransomware to succeed, but there are implications and possible impacts to how you work. Not all of the steps will be welcomed, appropriate or possible depending on various factors. Some are very restrictive: they can prevent users from managing their own computers, and can stop 3rd party equipment from operating without further configuration updates.


We will need to consult with you on which steps we will take to secure your systems and discuss costs.


How ransomware works

If you’re interested in learning more about ransomware, read this article.



We are aware that certain insurance companies (notably Hiscox) offer cybersecurity insurance policies. If you would like further information about this, we would be happy to introduce you to our chartered insurance brokers who will be able to advise you independently on your insurance needs.