On May 12, 2017, a ransomware package known as "WannaCry" appeared in the news. This program targets Windows systems using various vulnerabilities and exploits them to propagate across networks. Several networks were affected, including the NHS in the UK.
In some cases, the program proceeds to encrypt data and then demands a payment to provide an unlocking key. It also threatens to permanently delete the encrypted data unless users submit payments within a limited time. Without the unlocking key, it is impossible to decrypt the data.
Microsoft security advice
Microsoft has issued a security advisory and update for all supported operating systems (Windows Vista SP2 onwards) delivered via a Windows Update or from links. Microsoft also released a patch for Windows XP and Windows Server 2003.
The anti-virus and malware package providers have also provided updates to protect systems against this package.
CRB Cunninghams recommends that all Impact client PCs Point of Sale (PoS), revaluation unit controllers, pre-order kiosks, and back-office PCs use a supported version of Windows and regularly update those installations. Details on the support versions of Windows and the end of life details are available on the lifecycle FAQ page.
Configuring your school's anti-virus system
CRB Cunninghams also recommends that (where possible) Impact client PCs are provided with an anti-virus and malware package, which is also regularly updated. Please ensure you configure your anti-virus system and perform scheduled updates and scans outside the core service periods.
Many of our systems and client devices are installed within client networks (without internet or network access in some cases), which means we cannot provide automatic updates or anti-virus and malware protection for client devices running our software. We cannot guarantee that these devices can be patched and updated reliably.
We can assist in protecting those devices with our client's IT departments by providing them with any information required via the CRB Cunninghams helpdesk support service.
Enhancing your school's system security
To enhance the security of your system, as a minimum, you should check the following:
- All client installations (PoS, Revaluation units, pre-order kiosks etc.) should be running Windows 7 as a minimum operating system.
- Users with Windows XP should be immediately patched with the update link above and upgraded to Windows 7 or later as soon as possible.
- All host PCs (Kitchen PCs, back-office PCs etc.) should be Windows 7 or later and should include patches and security updates. These machines are sometimes used for other purposes (e.g. Office) and therefore should consist of a regularly updated anti-virus & malware package.
- Host PCs should disable SMB V1 - please find instructions for IT professionals in the links above. Please note that disabling SMB V1 may prevent some XP based clients from connecting even if they have been patched.
For further information or assistance, please get in touch with our helpdesk on the numbers below or email firstname.lastname@example.org.
Scotland, NE England & Cumbria, & N.Ireland
Our Support number is:
0131 440 6106
England & Wales
Our Support number is:
0333 014 3064