The major cyber attack that occurred globally in recent days is unprecedented in terms of scale and speed of onset. Whereas ransomware attacks via malicous e-mail attachment have become commonplace, this newly discovered malware type, generally referred to as WannaCry2 is both "cryptor" and "worm" - it possesses the ability replicate functional copies of itself to other networked hosts without the need for users to click on links or otherwise interact. As such, it can spread very rapidly from machine to machine.
WannaCry2 is known to exploit a recently discovered SMB vulnerability in Microsoft Windows operating system. The vulnerability and exploit became publicly available in the so-called "NSA ShadowBrokers dump" of April 14th, 2017.
The National Cyber Security Centre (NCSC), in the Department of Communications, Climate Action and Environment is monitoring the situation on an ongoing basis, and remains in close contact with international counterparts and with public and private sector entities in Ireland, both in terms of the dealing with the threat and taking measures to ensure that the impact of any future variants of this malware is limited.
The NCSC has issued a series of Advisory notices to Government Departments and Agencies over the weekend, as this issue has developed. The latest, on Sunday afternoon, gives a detailed assessment of the malware type, and of the measures that entities might take to deal with this, as well as providing material that entities might use to inform staff of the risks that arise in this space, and the general measures that they should take on a daily basis to prevent ransomware.
IT Departments across Government and the private sector have been working over the weekend to upgrade IT equipment and to apply patches to deal with the vulnerability that this malware exploits. Most of these works will be completed over the weekend, but in some cases there will be minor disruption to IT services tomorrow as works are completed and systems are brought back online.
The impact of this on Ireland has been limited thus far, but this may change as the situation evolves. The NCSC will continue to monitor the situation, and to support constituents as the situation develops.
The general advice to everyone, both business and private users is to upgrade Anti Virus software as soon as possible, and, if not already in place, to institute a regular programme of backups.
Following the attacks on the NHS on Friday which limited the delivery of many of services in the UK, the HSE has been working over the weekend in order to prevent its Network from being compromised. As staff go back to work tomorrow, the HSE is advising all of its staff to TURN ON their computers but DO NOT LOG ON for a full two hours. This will allow the anti-virus capability to become active while still allowing the Network will remain protected. Each health building will have an IT representative to provide assistance in the morning. There is also a dedicated help-desk function in place for dealing with this crisis. An important message for all computer users is THINK BEFORE YOU CLICK.