In the spirit of my ongoing InfoSec openness, here's the messaging I've prepared around our Group's education and call to action around WannaCrypt:
Many of you will have read about last week’s Global cyber attack that caused a number of organisations to be seriously impacted including the National Health Service in the UK and Telefonica in Spain. Over 70 countries were affected in total.
The attack took the form of ‘ransomware’ that caused computer-held files to be made unreadable (encrypted) unless a payment was made to the attackers via the 'Bitcoin' online currency.
Currently we have no reports of any impact to Group services or systems from this attack.
The attack relied upon a combination of malicious software being run, poor IT configuration practices, and the exploit of older, unpatched/out-of-support systems such as Windows XP and 2003.
The Group have a large and complex IT infrastructure that is continually being improved, strengthened and made more secure. The Group Security Team has been working across our brands to ensure this effort gains pace in an ever-increasing threat landscape.
I would ask that each of you please continue your already-brilliant support to the Group’s cyber defences by following these four simple best practices:
- Be vigilant when opening unsolicited emails, and avoid opening or saving any related attachments unless certain of their trusted origin;
- Avoid plugging personal or other USB storage devices into Group computer systems unless they have been recently scanned for malware and viruses by using an up-to-date security product;
- Avoid downloading and running software from the Internet to your workstations unless part of your normal Group role;
- Immediately report suspicious activity you witness on any computer system that you suspect may be under attack to [internal email address redacted] Unusual activity can include windows appearing and then vanishing spontaneously, the keyboard appearing to type by itself onscreen, or unusual flickering of your computer display.
The Group Security Team [internal email address redacted] are here to support and answer any questions you may have about the attack or any other aspect of security. We are based on the 1st floor of the Southwark, UK office, and I can be reached via Slack (@anders).
Thank you for your time, interest and ongoing support.
Photobox Group CISO, Dinis Cruz, has also posted his own advisory to our Group Tech teams.