Cyber crime

Hampshire Constabulary

Alert from Action Fraud:

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomware attack.

One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free, and took £320 as payment.

It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.

How to protect yourself:

  • Don't call numbers from pop-up messages.
  • Never allow remote access to your computer.
  • Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
  • Never divulge passwords or pin numbers.
  • Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

  • Get your computer checked for any additional programmes or software that may have been installed.
  • Contact your bank to stop any further payments being taken.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/

 

Updated information from the National Cyber Security Centre

Please find below some updated information from the National Cyber Security Centre relating to the recent global ransomware attacks. The information comes directly from the NCSC.

If you have any concerns or queries please contact Hampshire Constabulary’s Cyber Protect team on DIICyberProtect@hampshire.pnn.police.uk

Hampshire Constabulary is working to support the National Crime Agency (NCA) and City Of London Police, who are leading on the response to the international co-ordinated Wanna Cry ransomware attack. Whilst the attack is very much under control at this stage, it is reasonable to expect that new variants of this ransomware may surface, which is why it is vital that you take action to protect your organisation now. Just taking a few simple steps can greatly increase your defences against ransomware. The three most important steps to take are:

1. Ensure you are running the latest version of software and operating system available and install system and app updates on all devices as soon as they become available;

2. Make your that you have anti-virus or anti-malware software on all devices and keep it updated;

3. Back-up regularly: create regular back-ups of your important files to a device (e.g. external hard drive) that isn’t left connected to your network – because any malware such as ransomware could spread to that, too.

Further excellent advice and technical guidance has been issued by the National Cyber Security Centre and can be found here: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

If you have been affected by ransomware, please report it straight away via the cybercrime reporting portal at Action Fraud via this link: http://www.actionfraud.police.uk/report-a-fraud-including-online-crime

For more advice and guidance, please follow @HCCyberProtect on Twitter. Hampshire Constabulary’s Cyber Protect team can be contacted via e-mail: DIICyberProtect@hampshire.pnn.police.uk


Latest Situational Awareness: https://www.ncsc.gov.uk/news/latest-statement-international-ransomware-cyber-attack-0
Current Guidance for Home Users: https://www.ncsc.gov.uk/guidance/ransomware-guidance-home-users
Current Guidance for Enterprise Admins: https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators
General Ransomware Protection Advice: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware


MESSAGE FROM NATIONAL CYBER SECURITY CENTRE (NCSC):

Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale.

Our national focus must therefore be on two lines of defence.

The first is to limit the spread and impact of the attacks that have already occurred. Due to broad government and partner efforts, a variety of tools are now publicly available to help organisations to do this. This guidance can be found on our homepage – ncsc.gov.uk – under the title Protecting Your Organisation From Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

We know already that there have been attempts to attack organisations beyond the National Health Service. It is therefore absolutely imperative that any organisation that believes they may be affected, follows and implements this guidance. We have set out two pieces of guidance: one for organisations and one for private individuals and SMEs which can be applicable regardless of the age of the software in question. It will be updated as and when further mitigations become available and we will announce when updates have been made on Twitter (@ncsc) and elsewhere.

Secondly, it is possible that a ransomware attack of this type and on this scale could recur, though we have no specific evidence that this is the case. What is certain is that ransomware attacks are some of the most immediately damaging forms of cyber attack that affects home users, enterprises and governments equally.

It is also the case that there are a number of easy-to-implement defences against ransomware which very considerably reduce the risk of attack and the impact of successful attacks. These simple steps to protect against ransomware are not being applied by either the public or organisations as thoroughly as they should be.

Three simple steps for companies to undertake which are also set out on our website (https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware) and can be summarised as follows:

Protecting your organisation from ransomware - NCSC Site
www.ncsc.gov.uk

How does ransomware infect your system? Computers are infected with ransomware via a number of routes. Sometimes users are tricked into running legitimate-looking ...

1. Keep your organisation's security software patches up to date
2. Use proper anti-virus software services
3. Most importantly for ransomware, back up the data that matters to you, because you can't be held to ransom for data you hold somewhere else.

Home users and small businesses can take the following steps to protect themselves:
1. Run Windows Update
2. Make sure your AntiVirus product is up to date and run a scan – If you don’t have one install one of the free trial versions from a reputable vendor
3. If you have not done so before, this is a good time to think about backing important data up – You can’t be held to ransom if you’ve got the data somewhere else.

In the days ahead, the NCSC, working closely with the National Crime Agency in support of their criminal investigation, and with international partners in both other governments and the commercial sector, will continue our round-the-clock effort to get ahead of this threat. We would like to reassure the public that resources from the Government, law enforcement and public and private sector organisation are working together to manage further disruption from the current attack and to increase protection against any further attacks in the coming days. The country's security and law enforcement agencies are working round the clock to protect the public. Private sector efforts have made a very significant contribution to mitigate the cyber attacks so far and to prevent further disruption.

5 Cyber Protect Top Tips:
Use strong passwords – at least 10 characters, mix of letters, numbers & symbols;
Install & use anti-virus/malware & firewalls;
Don’t ignore software updates! Install them a.s.a.p;
Back-up regularly;
Never give out your personal details to someone you do not know or trust.


Top tips for protecting against cyber crime:

Use a strong password or passphrase
Use a minimum of 10 characters or a sentence of words that you will remember and include characters and symbols. Consider replacing letters with similar looking numbers (e.g. E = 3, A= @) or use words in a language other than English.

Install security software (i.e. anti-virus, firewall for a network) and make sure that it is up to date
Computers are generally set to do this automatically, but don’t ignore the prompts to update when they flash up, do it straight away.

Keep software and apps up to date
You will see notifications of updates as pop-ups or an alert on your app store, don’t ignore. These often contain security fixes so update as soon as possible.

Think about what information you put online
If you wouldn’t make it public knowledge in the real world don’t put it online. Cyber criminals search for info that could enable them to impersonate you online.

Verify who an email is from before responding
If it looks suspicious, delete or check with the sender, remember to use an independent means of contact. Don’t reply directly to the suspect email.

Never click on links in emails unless you are certain who it is from
These are generally just junk mail or could contain malicious software which could compromise your computer systems and your information.

Back up important information regularly
If you have important documents or photos which you wouldn’t want to lose, back these up on a memory stick, external hard-drive, or all three to be extra secure.

Don’t pass sensitive information over public Wi-fi
It can be easy for a criminal to access public Wi-fi with the intention of capturing usernames and passwords.

Consider encrypting confidential data
If you are sending confidential data or personal information, encrypting it will make it a lot more secure.

Promote good information security culture
If you work within a company or an organisation, making sure staff are aware of the risks and simple steps to take to protect against cyber threats can massively help protect your systems and your data.

Ask for help or report a cyber crime
Speak to a friend or family member or if you suspect a crime call Action Fraud or the Police.

Further sources of help can be found at:
www.actionfraud.police.uk
www.getsafeonline.org

Contact the Hampshire Constabulary Cyber Protect team

Email: DIIProtect@hampshire.pnn.police.uk

Twitter: @HCCyberProtect