NENA Warns of Ransomware Attack
Monday, May 15, 2017 | Comments

The National Emergency Number Association (NENA) warned of a widely reported ransomware attack affecting both private- and public-sector enterprises in multiple countries.

NENA said it is not aware of any attacks affecting public-safety answering point (PSAP) systems or 9-1-1 services so far. However, reporting indicates that life-safety institutions in the U.K., including several hospitals, have been affected, the organization said.

The so-called “WannaCry” attack leverages recently released vulnerabilities and exploit techniques to take control of Windows-based computers. After infecting vulnerable machines, the attack software encrypts data on the system and demands payment of $300 or more in BitCoin, an internet currency. Victims that fail to pay are threatened with deletion of the encryption key, which renders their data irretrievable.

To protect critical public safety services from this attack, NENA recommends that members take the following steps:
• PSAP IT departments should download, validate, test and install a Microsoft-issued patch to all affected machines as soon as possible. Microsoft has issued a critical security bulletin and update (MS17-010) to resolve the vulnerability.
• Center Managers should ensure that on- and off-site backups for all critical systems are being routinely maintained. Existing backups should be verified and test restores performed using systems without an active internet connection.
• PSAP IT departments should consider permanently disabling the SMB 1.0, SMB 2.0, and CIFS file sharing support of all Windows systems. SMB 3.0 is currently maintained, offers higher speeds, and provides greater security than these legacy protocols.
• Shift supervisors should remind front-line employees to report any unusual computer behavior, and to exercise added care when clicking links and entering credentials, even in normally-trusted systems.

In the event of an attack, users should not pay and contact their local FBI field office, notify the National Cybersecurity and Communications Integration Center of any 9-1-1 service impacts at 888-282-0870, and take steps to preserve log files and other materials that may have forensic value.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!

Site Navigation