MPs and peers urged not to use personal email as WannaCry spreads

MPs and peers have been warned not to use personal emails on parliamentary Windows computers in the wake of WannaCry ransomware outbreak

MPs and peers have been urged not to access personal email on their parliamentary computer systems as the WannaCry ransomware continues to spread.

In an email to MPs, peers and all employees, Rob Greig, director of the Parliamentary Digital Service, said the service was taking active measures to protect parliamentary systems, data and users.

More than 200,000 computers in 150 countries are believed to have been hit by WannaCry ransomware that encrypts data and demands payment for its release of data, with experts warning that further attacks are likely.

Grieg advised parliamentarians not to use non-parliamentary email services on parliamentary Windows computers, following the outbreak on Friday 12 May.

“It is very important that you avoid using Gmail, Yahoo mail and other personal email services on parliamentary equipment operating on Microsoft Windows,” he wrote in an email sent out at 7.30pm on Friday.

Parliamentarians were also advised to “exercise caution” when opening emails on personal devices, with the warning that “failure to follow this advice could expose Parliament to a security compromise”.

Email issues experienced in Parliament on Friday were caused by a “technical problem” which had been resolved and were in “no way associated with the current threat”.

WannaCry cyber attack exploits Windows vulnerabilities

The ransomware, also known as WCry, WannaCrypt, Wanna Decryptor and WanaCrypt0r, spreads initially as malicious software (malware) contained in an email attachment.

Once it has infected a computer, the malware exploits a vulnerability in unpatched Windows computers to spread to networked computer systems.

It makes use of a Microsoft Windows vulnerability, known as Eternal Blue, developed by the US National Security Agency (NSA) as part of its arsenal of hacking tools. The code for the vulnerability was leaked online by a hacking group, known as Shadow Brokers, in April, making its exploitation almost inevitable.

The NHS, which has large numbers of older Windows computers, was badly hit by WannaCry, with reports of patients being turned away and elective surgery being cancelled as the ransomware hit more than 50 NHS trusts in England and Scotland.

Continue reading…