NHS Cyber Attack How Is FinancialAdvice Protected

NHS Cyber Attack - How is FinancialAdvice.net Protected?

We have all heard about the NHS cyber-attack and attacks on 70 other countries around the globe.

Our website servers are hosted by UKFast.Net Ltd, a business-to-business hosting company based in Manchester, UK and the largest hosting company in the UK.  It is principally known for managed hosting, cloud services, and colocation. The business also owns a data centre complex in Trafford Park, Manchester.

They have issued the following update

"Global Ransomware Attack UPDATE

The ransomware attack, called Wana Decrypt0r 2.0, locks users out of their devices and data, encrypting all data and demanding a ransom for the decryption key via the Tor Network.  This malware is allegedly utilising the ‘EternalBlue&rsquo ; exploit discovered by the NSA which has recently been leaked by a group of hackers known as ‘The Shadow Brokers’.   This malware appears to take advantage of the SMB (Server Message Block) protocol which is utilised heavily within the Microsoft operating system with an exploit to gain remote system access.  The malware isn’t currently known to be distributed via email, however this is a very likely candidate for further exposure and spread of the malware.  With this in mind, please apply extreme caution when opening any email attachments.

Our technical engineers led by myself and a number of in-house Windows and security experts have been on high alert since yesterday's announcement and we have been working through the night to protect all our clients, infrastructure and firewalls to block this attack vector and prevent it from causing harm.

The application requires the older version 1 of the SMB  protocol for the exploit to work however this is still present in all windows versions. A patch was released for Windows 2008r2 and above (Windows 2012,2012r2 and 2016) in March and will have been applied to your server if you have automatic updates enabled. However Windows 2008 and windows 2003/2003r2 operating systems are vulnerable to this attack. The Operating system is ‘out of life’ and operating predecessors have already had patched that deny the vulnerability. Good news! Microsoft has jumped in and released a patch specific for those operating systems that could be potentially affected.

We don’t allow the specific network ports external to our network and nullify the majority of the application to run or communicate out.

We updated McAfee policies yesterday and forced this to all clients using our anti-virus within our estate and as the information developed, released further countermeasures this morning. (13/05/2017)

If you are running windows from 2003 to 2008 or do not have automatic updates enabled on the newer versions of windows, please if possible run windows updates and install and reboot as soon as possible."  Simon Saffidine, Director of Technical Services, UKFast.NET Ltd.

So what did the NHS do wrong?  Old windows systems, not updating windows, not updating virus protection and not backing up data is the likely cause.

What does Roberts Clark and FinancialAdvice.net do?

• Individual PCs, desktops, laptops, tablets and smartphones ALL HAVE THE LATEST operating systems updates (and are done automatically).

• Individual PCs, desktops, laptops, tablets and smartphones ALL HAVE THE LATEST anti-virus and firewall systems updates (again all are done automatically).

• Individual PCs, desktops, laptops, tablets and smartphones are ALL BACKED UP daily, with back-up data held offsite.

• Servers:  As you can see from above from UKFast, our servers are up to date.  UKFast confirm they have not heard of a single customer of UKFast being affected by this particular ransomware and they are continuing on high alert for the foreseeable future until the risk subsides.