Like any family, we have grown over the years and now with four businesses making up the Xperience Group we felt it was time to consolidate and move house! To complement the launch of a new group website in August, we've changed the URL of our network status website from http://status.thecloudsimplified.com to http://status.xperience-group.com. Don’t worry, you'll still continue to receive notifications via your preferred method (email or text alert) but please take a moment to update your web browser bookmarks!

The UKs National Cyber Security Centre is reporting (https://www.ncsc.gov.uk/news/ncsc-statement-global-ransomware-incident) that a global ransomware campaign is currently in progress. Our network operations team are monitoring the situation and will provide more information as it becomes available.

To help protect your business from this emerging threat, it’s important that you have up to date anti-virus software installed, functional backups (preferably offsite backups) and that all known Windows Updates are applied to each of the PC’s and servers within your organisation. As this threat can spread in internet downloads, by email or on media such as CD’s and USB pen drives, your users should remain highly vigilant when opening files or emails from untrusted or unknown sources.

For further guidance about protecting your organisation from ransomware and what to do if you’ve been infected, please visit the National Cyber Security Centre website at https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware. Should you have any concerns, need advice or wish to report suspicious activity, please call us on 02892 677533, raise a technical support case via our helpdesk at https://support.xperience-group.com or email us at support@xperience-group.com.

For IT Managers
“US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010."

WannaCrypt0r Malware / Microsoft Windows SMBv1 Vulnerability

On Friday May 12th 2017 a new global ransomware campaign was observed to be exploiting a known vulnerability in Microsoft Server Message Block 1.0 (SMBv1) in order to install malware known as WannaCrypt0r (Also known as WannaCrypt, WannaCry, WCrypt & WCRY) which encrypts user files and demands payment via Bitcoin in order for the user to regain access to their data. At the time of writing, WannaCrypt0r has infected over 200,000 devices across 150+ countries and impacted organisations including the NHS (UK), Telefonica (Spain), Renault (France), Nissan (UK) and FedEx (USA).

To help protect your business by preventing the SMBv1 vulnerability from being exploited, it’s important that up to date Anti-Virus software is installed and that all known Windows Updates have been applied to each of the PC’s and Servers within your business. However, as with all malware, WannaCrypt0r can also spread in internet downloads, by email or on media such as CDs and USB pen drives so your users should remain highly vigilant when opening files or emails from untrusted or unknown sources.

Over the coming days our engineering team will be reaching out to those customers who we believe may be at risk so that mitigation measures can be implemented, however, should you have any concerns, need advice or wish to report suspicious activity, please call us on 02892 677533, raise a technical support case via our helpdesk at https://support.xperience-group.com or email us at support@xperience-group.com.

For further guidance about protecting your organisation from ransomware and what to do if you’ve been infected, please visit the National Cyber Security Centre website at https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware.

For IT Managers - You can help secure your environment by performing one or more of the following actions.

- Update your PCs & Servers via Windows Update
- Deploy Microsoft Patch MS17-010 (http://bit.ly/2pLx14T)
- For Legacy Systems (I.e. Windows XP) please see http://bit.ly/2qjXkjy)
- Disable SMBv1 (where possible) on all devices within your network or block the SMBv1 Ports (UDP 137, 138 and TCP 139, 445).
-- For further guidance, please see the following Microsoft Support article - http://bit.ly/2reUBHg.

Between the hours of 21:00 on April 28th 2017 and 09:00 on April 29th 2017 our engineering team will be performing core infrastructure maintenance on our London cloud platform.

What you need to know - Xperience IT Solutions would like to make customers aware of upcoming infrastructure maintenance to our London cloud platform. To ensure you continue to receive the best possible service, the upgrades taking place will help to increase capacity, improve performance as well as introducing additional features and functionality.

How will I be affected? - Whilst this work takes place, customer servers, hosted websites and OnApp GUI & API services will be unavailable. Prior to the work taking place, please ensure that users save their work and disconnect from their Citrix/RDP sessions.

Out of hours support - To ensure that this work is completed as quickly and efficiently as possible whilst also ensuring that each and every customer server is operating as expected at the end of the maintenance window, out of hours support will be available via our helpdesk at https://support.xperience-group.com and by telephone on 02892 677533. Should you have any queries, please contact our technical helpdesk or your account manager for further assistance.

What you should know

We’re publishing this as an urgent notification to all customers who currently use the Firefox web browser. Yesterday a zero-day vulnerability emerged within the Firefox web browser. It is currently exploiting Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.

Switch to an alternative secure browser

If you are currently using Firefox, we highly recommend that you temporarily switch browsers to Chrome, Internet Explorer, Safari or a non-Firefox based browser that is secure. Please do so until a further announcement is made to say that it has been made secure.

How could I be at risk?

The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is public which means that hackers all over the world have access to it. At present there is no current fix for the issue.

Currently this exploit causes a workstation report back to an IP address based at OVH in France. This code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so we expect new variants of this attack to emerge rapidly.

This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked.

For more information on this please click here

If you have any questions queries or concerns relating to this announcement, please contact:

support@xperience-group.com