Roche & Cie

Cybersecurity : The advices of the ANSSI

17 May 2017

The Anssi (French National Agency for Information Systems Security) recalls the rules to be followed to avoid the inconvenience caused by the rungs.

According to figures published by antivirus vendors, over 200,000 computers in no less than 150 countries have been infected with WannaCry.

A cyber attack unprecedented in its scale and speed of propagation, which has struck several companies, hospitals, banks and utilities all over the world.

The essential updates;

What is quite surprising in this attack is that it relies on a Windows security flaw that has been corrected by the US publisher several months ago. One can only conclude that the companies that were victims had not made the security updates proposed and strongly advised by Microsoft. However, as the National Agency for Information Systems Security (Anssi) points out in a press release posted on its website, it is absolutely necessary to apply without delay all the security updates of the system publishers (Windows, Mac OS, Linux) and Internet access software, such as browsers, for example. Given the risks involved in this wave of attacks, the agency says that if it is not possible to update a machine or server (due to an older operating system, Example “it is advisable to isolate it, or even to extinguish it, to apply the necessary measures”. Windows has also exceptionally published urgent patches for operating systems that it has not updated for several years (Windows XP, Windows 8, Windows Server 2003).

Of course, Anssi also recommends companies keep their antivirus software up to date.

Updating operating systems and antivirus is not enough to shelter the software that, once installed, blocks access to the machine data and demands a ransom for ” Release “. Other rules of good sense must also, according to the Anssi, be scrupulously followed:

  • never open e-mails whose origin or form is doubtful (e-mails are the “favorite” mode of contamination of the software);
  • Perform regular backups of company data on media that are not permanently connected to the machines (in the event of an attack, this will enable the machines to be formatted and then to reinstall the data).
  • Limit the access rights of the machines on the servers of the company (an infected machine will thus be more difficult to contaminate the server).

In case of attack

If your company is the victim of an attack of rannongiciel, the Anssi advises you:

  • Immediately disconnect any infected machine from the network;
  • Immediately alert internal IT departments or your service provider;
  • To back up important files on an isolated medium (taking care not to overwrite the last backup in case the files being copied are altered or already infected)
  • Not to pay the ransom.

Cabinet Roche & Cie, Chartered Accountant in Lyon, France.
Specialist in non-residents’ taxation