Guidance

Ransomware: Latest NCSC Guidance

Created:  13 May 2017
Updated:  17 May 2017
Computer locked by ransomware
The NCSC 'WannaCry' guidance has now been split into separate pieces to meet the needs of different audiences. Home users and small business owners should use the home users and SME guidance. Enterprise administrators should use this enterprise administrators guidance. You may also want to refer to our broader guidance on protecting your organisation from ransomware.
The latest NCSC guidance on Ransomware

The NCSC are aware of a ransomware campaign relating to version 2 of the “WannaCry” malware affecting a wide range of organisations globally. 

NCSC are working with affected organisations and partners to investigate and coordinate the response in the UK.  This guidance will be updated as new information becomes available.

From investigations and analysis performed to date, we know that the malware encrypts files, provides the user with a prompt which includes; a ransom demand, a countdown timer and bitcoin wallet to pay the ransom into.
 
The malware uses the vulnerability MS17-010 to propagate through a network using the SMBv1 protocol. This enables the malware to infect additional devices connected to the same network.

Was this guidance helpful?

We need your feedback to improve this content.

Yes No