Search NENA.org
Sign In
Sign In securely
NENA News
Calendar

3/1/2017 » 6/1/2017
Illinois NENA/APCO Virtual 5K 9-1-1 Run

6/3/2017 » 6/8/2017
NENA 2017 Conference & Expo

7/10/2017 » 7/14/2017
CMCP - Galloway, NJ

7/15/2017 » 7/29/2017
ENP Exam - Summer 2017

7/31/2017 » 8/4/2017
CMCP - Naples, FL


NENA News, Press, & Stories...: Home Page

NENA Bulletin on May 12 Widespread Cyber Attacks

Friday, May 12, 2017   (0 Comments)
Posted by: Chris Nussman
Share |

On Friday, May 12th, 2017 NENA Headquarters became aware of a widely-reported ransomware attack affecting both private- and public-sector enterprises in multiple countries. Open-source reporting on the attack is available here. NENA is not aware of any attacks affecting PSAP systems or 9-1-1 service at this time. However, reporting indicates that life-safety institutions in the U.K., including several hospitals, have been affected. Consequently, we are issuing this special alert to help members defend against any attacks that may occur.

 

The so-called “WannaCry” attack leverages recently-released vulnerabilities (CVEs 2017-0143 through 0148) and exploit techniques to take control of Windows-based computers. After infecting vulnerable machines, the attack software encrypts data on the system, and demands payment of $300+ in an internet currency known as BitCoin. Victims that fail to pay are threatened with deletion of the encryption key, which renders their data irretrievable.

 

Mitigation Steps

 

To protect critical public safety services from this attack, NENA recommends that members take the following steps:

 

1.      PSAP IT departments should download, validate, test, and install a Microsoft-issued patch to all affected machines as soon as possible. Microsoft has issued a critical security bulletin and update (MS17-010) to resolve the vulnerability.

2.      Center Managers should ensure that on- and off-site backups for all critical systems are being routinely maintained. Existing backups should be verified and test restores performed using systems without an active internet connection.

3.      PSAP IT departments should consider permanently disabling the SMB 1.0, SMB 2.0, and CIFS file sharing support of all Windows systems. SMB 3.0 is currently maintained, offers higher speeds, and provides greater security than these legacy protocols.

4.      Shift supervisors should remind front-line employees to report any unusual computer behavior, and to exercise added care when clicking links and entering credentials, even in normally-trusted systems.

5.      In the event of a compromise, DO NOT PAY! Contact your local FBI field office, notify the National Cybersecurity and Communications Integration Center of any 9-1-1 service impacts at 888.282.0870, and take steps to preserve log files and other materials that may have forensic value.

 

 PSAPs with questions or concerns may contact Trey Forgety at tforgety@nena.org or via telephone at 202.681.4392.

 


(c) 2013-14 NENA - National Emergency Number Association, Alexandria, VA
Please report errors, omissions, or concerns to NENA's Webmaster
Forgot your User Name or Password? - Automated Password Reset

NENA Intellectual Property Rights Policy