MPs and peers have been urged not to access personal email on their parliamentary computer systems as the WannaCry ransomware continues to spread.
In an email to MPs, peers and all employees, Rob Greig, director of the Parliamentary Digital Service, said the service was taking active measures to protect parliamentary systems, data and users.
More than 200,000 computers in 150 countries are believed to have been hit by WannaCry ransomware, which encrypts data and demands payment for its release, with experts warning that further attacks are likely.
Greig advised parliamentarians not to use non-parliamentary email services on parliamentary Windows computers, following the outbreak on Friday 12 May.
“It is very important that you avoid using Gmail, Yahoo mail and other personal email services on parliamentary equipment operating on Microsoft Windows,” he wrote in an email sent out at 7.30pm on Friday.
Parliamentarians were also advised to “exercise caution” when opening emails on personal devices, with the warning that “failure to follow this advice could expose Parliament to a security compromise”.
Email issues experienced in Parliament on Friday were caused by a “technical problem” which had been resolved and were in “no way associated with the current threat”.
WannaCry cyber attack exploits Windows vulnerabilities
The ransomware, also known as WCry, WannaCrypt, Wanna Decryptor and WanaCrypt0r, spreads initially as malicious software (malware) contained in an email attachment.
Once it has infected a computer, the malware exploits a vulnerability in unpatched Windows computers to spread to networked computer systems.
It makes use of a Microsoft Windows vulnerability, known as Eternal Blue, developed by the US National Security Agency (NSA) as part of its arsenal of hacking tools. The code for the vulnerability was leaked online by a hacking group, known as Shadow Brokers, in April, making its exploitation almost inevitable.
The NHS, which has large numbers of older Windows computers, was badly hit by WannaCry, with reports of patients being turned away and elective surgery being cancelled as the ransomware hit more than 50 NHS trusts in England and Scotland.
The ransomware outbreak raises questions about the balance between the collection of security vulnerabilities by the intelligence services for spying purposes and their duty to inform software companies so they can issue patches to protect against their exploitation by cyber criminals.
The Parliamentary Digital Service declined to say whether any parliamentary computers had been infected, or what steps it had taken to protect parliamentary systems, data and users.
It issued a boilerplate response to questions from Computer Weekly, with a stipulation that it be reproduced in full: “Parliament remains vigilant and takes cyber security extremely seriously, regularly reviewing and responding to evolving threats to ensure the integrity of the Parliamentary network,” the statement read.
“Although we do not provide details of specific security steps, all staff are given guidance on how to keep information and computer systems safe, such as the importance of strong passwords and the need to be vigilant against suspicious emails.”