Cyberattack on UK Houses of Parliament

The National Cyber Security Centre is reporting that there has been an attack on the United Kingdom’s government Parliament communication systems. As of June 24, 2017, an official statement provided by a spokesperson from the NCSC states:

“The NCSC is aware of incident and working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions.”

The Houses of Parliament (“Commons”) Press Office Twitter account tweeted this statement on the cyber incident earlier today:

“We have discovered unauthorized attempts to access accounts of parliamentary network users and are investigating this ongoing incident, working closely with the National Cyber Security Centre. Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network. As a precaution we have temporarily restricted remote access to the network. As a result, some Members of Parliament and staff cannot access their email accounts outside of Westminster. IT services on the Parliamentary Estate are working normally.

We will continue to keep Members of both Houses of Parliament and the public updated as the situation develops.”

This latest attack comes just a few weeks after a major cyberattack involving the WannaCry ransomware hit 48 of the United Kingdom’s National Health Service public services as well as other institutions. That attack occurred on May 13, 2017 and was a globally coordinated effort was a major cyberattack on thousands of private and public sector companies and organizations across dozens of countries, including the United States.

The NCSC, in an updated statement on this cyberattack on May 14, 2017, made clear that there was an expectation that additional cases of ransomware could come to light, and possibly at a significant scale, beyond the original attack.

Liberal Democrat peer Lord Rennard revealed the attack publicly on Twitter today, and asked his followers to send any “urgent messages” to him by direct message to three related Twitter accounts: @LibDemLords, @LabourLordsUK and @Torypeers.

 

The NCSC also issued the following guidance for large and small companies as well as individuals to help defend against cyberattacks:

Companies can undertake three simple steps as follows:

  1. Keep your organisation’s security software patches up to date
  2. Use proper antivirus software services
  3. Most importantly for ransomware, back up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else.

Find the NCSC guidance for companies here.

Home users and small businesses can take the following steps to protect themselves:

  1. Run Windows Update
  2. Make sure your antivirus product is up to date and run a scan – if you don’t have one install one of the free trial versions from a reputable vendor
  3. If you have not done so before, this is a good time to think about backing important data up – you can’t be held to ransom if you’ve got the data somewhere else.

Find the NCSC guidance for home users and small businesses here.