Major companies, health care organizations and government agencies are facing a wave of cyberattacks involving ransomware that takes control of computers and denies access until a ransom is paid.  These attacks are occurring on a global scale and in some cases are having a significant impact on business and healthcare operations.  The cyberattack has disrupted targets throughout the world from Britain’s National Health Service to US Fortune 500 companies, the Russian Foreign Ministry, and universities in China.

Protecting Against the Threat

Security measures that can be taken to help protect against the threat are evolving as more information becomes available. Key measures that we advise counsel to confirm are in place include:

• Anti-virus signatures. Anti-virus signatures that will protect against known variants of the ransomware are available for most products. Your IT department should confirm availability and deployment of those signatures.
• Monitoring. Your information security team should monitor for new variants of the ransomware and take action to maintain protection against those new variants through deployment of updated malware signatures as available.
• Containment Plan. In the event that systems are compromised, as a priority action contain the affected system as quickly as possible to stop the spread of the ransomware within the network while otherwise activating your organization’s incident response plan.
• Response Plan. Consider now how your organization would likely address key issues raised by ransomware attacks, such as whether and how to pay ransom; how to interact with law enforcement; and the process by which to restore operations

Additional Resources: Government agencies are partnering with the private sector to develop a better understanding of the threat and to provide information on measures to protect IT systems. Below is a sampling of government alerts issued at this time:

• UK National Health Service England: NHS England statement on reported NHS cyber attack from https://www.england.nhs.uk/2017/05/nhs-england-statement-on-reported-nhs-cyber-attack/
• UK National Fraud and Cyber Crime Reporting Centre: NHS hit by large scale cyber attack from http://www.actionfraud.police.uk/news/nhs-hit-by-large-scale-cyber-attack-may17
• US Health and Human Services (HHS) Office of Civil Rights: Statement from the Office of the National Coordinator for Health IT, from http://www.fiercehealthcare.com/privacy-security/ransomware-attack-shuts-down-nhs-hospitals-as-malware-spreads-across-12-countries
  • HHS has also provided the following general information alerts and guidance about ransomware: HHS Office for Civil Rights, Cyber Newsletters from:
    • https://www.hhs.gov/sites/default/files/hippa-cyber-awareness-monthly-issue1.pdf
    • https://www.hhs.gov/sites/default/files/hipaa-cyber-awareness-monthly-issue3.pdf
    • https://www.hhs.gov/sites/default/files/february-2017-ocr-cyber-awareness-newsletter.pdf
• US Department of Homeland Security, US-CERT: Indicators Associated with WannaCry Ransomware US Department of Homeland Security, from https://www.us-cert.gov/ncas/alerts/TA17-132A
• US-CERT has also provided the following general information alert: Multiple Ransomware Infections Reported, from https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported
• Spain’s CN-CERT: Identificado ataque de ransomware que afecta a sistemas Windows. Ccn-cert.cni.es. Retrieved 13 May 2017, from https://www.ccn-cert.cni.es/seguridad-al-dia/comunicados-ccn-cert/4464-ataque-masivo-de-ransomware-que-afecta-a-un-elevado-numero-de-organizaciones-espanolas.html [in Spanish]

Hogan Lovells’ multi-disciplinary cybersecurity team is monitoring and advising on these developments globally.

Authors acknowledge the valuable input to this post provided by Jeffrey Lolley, Managing Principal, Hogan Lovells Cyber Risk Services.