The ransomware that made the world cry

Over the last few days, the cybersecurity community has been preoccupied with a large-scale ransomware attack rippling across the world. On Friday 12 May came the first reports of victims infected with ransomware dubbed WannaCry (also known as WCry or Wanna Decryptor). It soon became clear that the scale of this wave was bigger than usual. According to the latest estimates, the malware infected more than 250,000 systems in as many as one hundred countries. The list of victims is long and includes well-known names across all sectors. In some cases, the malware had unfortunate consequences. For instance, a few hospitals in the United Kingdom had to cancel their scheduled surgeries and some students in China lost their graduation theses.

What we know

The malware encrypts all files that match a list of 176 specific extensions, including documents, database and backup files, and appends the extension “.WCRY” to them. Victims are asked to pay between USD 300 and 600 in Bitcoins to get their files back. So far, there is no evidence that a payment will actually provide the key for decrypting the files. In their message, the authors threaten to delete the files forever if their request is not met within eight days. The international ambitions of this campaign are made clear by the fact that the ransom message is translated into 28 languages.

Once the initial host has been infected, the ransomware dropper makes use of the MS17-010 vulnerability of the Server Message Block (SMB) protocol to spread laterally through the network. The exploit for this vulnerability was made public by the group Shadow Brokers on 14 April 2017 in a leak of hacking tools allegedly crafted by a state actor. Microsoft had released a patch a month before.

Switzerland has not been spared. The Swiss GovCERT declared that as of Sunday evening there were roughly 200 potential victims. The number of victims could increase steeply, as there are more than 5,000 systems directly connected to the Internet over the SMB protocol.

What is still unclear

Despite the overwhelming amount of information, some points remain unclear. First, it is not yet known how the dropper is initially delivered to the victims. According to one hypothesis, a spear phishing e-mail spread the malicious attachment. However, no such e-mails have surfaced yet. In its alert, the US-CERT claimed that hackers gained access to the victims’ networks either through Remote Desktop Protocol or through the exploitation of the critical Windows SMB vulnerability mentioned above. Second, the identity of the authors is wrapped in mystery. Given the financial nature of the attack, the dominant hypothesis is that the attack was launched by a criminal group. However, it should not be forgotten that in the past even state actors were involved in spectacular heists. Fresh discoveries suggest that the malware might be linked to Lazarus, a state actor group believed to be involved in the infamous SWIFT attack against the Bangladesh Central Bank of February 2016. So far, the authors have neither spent nor transferred the Bitcoins they obtained. At this stage, it is difficult to make further assertions on the attribution of the attack.

Main takeaways

As previously mentioned, the exploit used in this attack was leaked in April this year. By that time, the vendor had already released a patch to correct the flaws. Unfortunately, many users ignored this threat and were in no hurry to install the patch. This episode should serve as a reminder that threat actors will reuse leaked tools and that without proper preventive measures an incident is just around the corner.

As reported by the media, a young IT-security researcher was able to temporarily curb the attack by registering a “kill-switch” domain that told the ransomware to stop spreading itself. Unfortunately, new versions of the malware without this feature have already been spotted in the wild. Furthermore, the threat intelligence community generously shared many indicators and much advice, helping organisations to identify and prevent infections and to reduce their impact. These common efforts have to be praised and should continue in the future.

Recommendations

If you have not done so yet, apply the MS17-010 patches immediately. As short-term actions, your IT team should consider the following:

  • disable all external SMB access (blocking ports 137, 139 and 445 to/from the internet);
  • disable the use of the SMBv1 network file sharing protocol;
  • ensure two-factor authentication is in place for all necessary external accesses to systems (e.g. VPN and RDP);
  • update the antivirus signatures;
  • rapidly isolate the infected system from your corporate network to curb the spreading of the infection;
  • if you have already fallen victim to the ransomware, back up the encrypted files in case a decryption tool becomes available.
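
The last short-term action above, preserving encrypted files for a possible future decryption tool, sketched as an added Python example (not part of the original article and not PwC tooling). It assumes the “.WCRY” extension described earlier; the function names, the manifest file name and the sample tree are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Extension the article says WannaCry appends (compared case-insensitively).
ENCRYPTED_SUFFIX = ".wcry"


def find_encrypted(root):
    """Return sorted paths under root whose names end in .WCRY."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = Path(dirpath) / name
            # Skip symlinks so triage never leaves the tree being examined.
            if not path.is_symlink() and name.lower().endswith(ENCRYPTED_SUFFIX):
                hits.append(path)
    return sorted(hits)


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large database or backup files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def preserve(root, dest):
    """Copy encrypted files to dest (hypothetical evidence store), return manifest."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    # Writing into the affected tree would alter the evidence being preserved.
    if dest == root or root in dest.parents:
        raise ValueError("destination must be outside the affected tree")
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for src in find_encrypted(root):
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 keeps timestamps for later analysis
        digest = sha256_of(src)
        if sha256_of(target) != digest:
            raise OSError(f"copy of {rel} does not match the original")
        manifest.append((rel.as_posix(), src.stat().st_size, digest))
    with open(dest / "MANIFEST.sha256", "w", encoding="utf-8") as out:
        for rel, size, digest in manifest:
            out.write(f"{digest}  {size}  {rel}\n")
    return manifest


if __name__ == "__main__":
    # Constructed sample tree: two "encrypted" files and one untouched file.
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        (share / "docs").mkdir(parents=True)
        (share / "docs" / "thesis.docx.WCRY").write_bytes(b"constructed sample 1")
        (share / "backup.sql.wcry").write_bytes(b"constructed sample 2")
        (share / "notes.txt").write_bytes(b"not encrypted")
        for rel, size, digest in preserve(share, Path(tmp) / "evidence"):
            print(rel, size, digest[:16])
```

Run it from a clean system against a mounted copy of the affected volume, with the destination on separate, offline storage.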

As a longer-term approach, consider planning and exercising a business continuity programme and adopting and testing an incident response strategy, consistent patch and vulnerability management, a regular backup policy and security awareness training.

PwC can provide you with the necessary assistance and counsel to address these issues and improve your overall security posture. PwC strongly believes in a holistic approach to cyber security by offering a wide variety of services covering all the phases of the cyber lifecycle: from strategy and policy development to its implementation and review.

In case of questions, please contact us at
cyberinvestigation@ch.pwc.com

 

CRS Updates May 2017

Second Edition of the OECD Standard for AEOI Released

On 27 March, 2017, the OECD published the second edition of the standard for Automatic Exchange of Financial Account Information in Tax Matters (“AEOI”). This newly released edition replaces the first edition of the standard for AEOI from July 2014.

The vast majority of the standard for AEOI remains unchanged relative to the first edition. In the second edition, Annex 3 “Common Reporting User Guide” is updated, as it now contains additional technical guidance on the handling of corrections and cancellations within the CRS XML Schema, including a revised set of correction samples.

Please refer to the following link for access to the second edition of the standard for AEOI: http://www.oecd.org/ctp/exchange-of-tax-information/standard-for-automatic-exchange-of-financial-account-information-in-tax-matters-second-edition-9789264267992-en.htm

Facility to Disclose CRS Avoidance Schemes Launched by OECD

On 5 May, 2017, the OECD launched a disclosure facility on the Automatic Exchange Portal allowing parties to share information on potential schemes, products, and/or structures that may be used to circumvent the Common Reporting Standard (“CRS”).

Parties are able to fill out a form through the Automatic Exchange Portal to describe any identified loopholes or schemes that may be used for avoiding the CRS. The form asks for a description of the scheme, information on how actively it is used, and a list of the countries or regions where the scheme is used. The OECD then systematically analyzes the received information on the reported schemes to assess the risk they present to the overall integrity and effectiveness of the CRS. If required, the OECD uses the acquired information to take appropriate courses of action. Parties may fill out the forms on an anonymous basis.

 

OECD Automatic Exchange Portal’s form

Contact

Christoph Schaerer
PwC Schweiz
+41 58 792 4282
christoph.shaerer@ch.pwc.com

Intensive Course on IFRS

June 2017
Courtyard by Marriott, Zurich

 

Does your company report in accordance with International Financial Reporting Standards (IFRS), or are you responsible for preparing the financial statements in compliance with IFRS? Is your company considering a move to IFRS? Or do you simply want to extend or to refresh your IFRS expertise? Then PwC’s intensive course on IFRS is right for you.

Objectives

Our module based IFRS course will help you deal with IFRS professionally and apply the standards competently by giving you:

  • a solid basic understanding of the most important IFRS/IAS standards and of recent developments
  • detailed knowledge of the content of these standards and how they are applied.

You will learn how IFRS facilitates transparent external reporting. But you will also find out how to use it as a helpful instrument that supports you in assessing the financial position of your company and in recognising priorities. The course shows you how to put the theory into practice.

Methodology and organisation

All modules are specially designed for finance specialists and users of IFRS. In class you have presentations, group work, case studies and sharing sessions to expand and apply what you have learned.

Although all participants are invited to join all 5 modules, please keep the following in mind while registering: on day 4 we will look at IFRS 15 and IFRS 9 from the viewpoint of corporate entities. On day 5 we will tailor the discussion for the needs of the financial services industry, with a focus on IFRS 9.

Date and location:
The course will be held in five modules, each lasting one day from 8:30 am to approx. 6 pm in English.

Module 1: Tuesday, 13 June 2017
Module 2: Wednesday, 14 June 2017
Module 3: Monday, 19 June 2017
Module 4: Tuesday, 20 June 2017
Module 5: Wednesday, 21 June 2017

Courtyard by Marriott
Max-Bill-Platz 19, CH-8050 Zurich

Fee:
1 module:     CHF 1,300 including VAT
2 modules:   CHF 2,500 including VAT
3 modules:   CHF 3,600 including VAT
4 modules:   CHF 4,500 including VAT
5 modules:   CHF 5,400 including VAT

This includes course documentation, refreshments (breaks and lunch) and parking.

Registration:
Please register online.

 


Assess your organisation’s Diversity & Inclusion program with PwC

We know that Diversity and Inclusion (D&I) is good for business. Organisations that invest in D&I report seeing a number of advantages, such as an increased ability to attract talent, greater innovation and improved financial performance.

At PwC, we’ve found that the most effective D&I programs are comprised of four dimensions:

  • Understanding the Facts of Today
  • Building an Inspirational Strategy
  • Equipping Leaders for success
  • Creating Sustainable Movement

Take our short survey to assess your organisation’s Diversity & Inclusion program

Our new survey enables you to self-assess your maturity across those dimensions.

Click here to take our short survey and get your personal Inclusion & Diversity assessment

The survey is short and easy to use, and when you finish the survey, you’ll receive an assessment of where your program is strongest and where there are areas of opportunity, as well as providing a benchmark of how you compare to others in your region and industry.

Take our short survey and get your personal Diversity & Inclusion assessment

For more information on interpreting the results for your organisation or advice on how to become more Diverse and Inclusive, please contact Sue Johnson:

Sue Johnson
Senior Manager, Inclusion & Diversity, PwC Geneva
sue.johnson@ch.pwc.com / +41 58 792 90 98

Live PwC IFRS 17 webcast

IFRS 17 is coming – Why should you care about it?

In May 2017, the IASB will be finalising its long-standing project on insurance accounting and publish IFRS 17.

As an insurer, you will need to apply IFRS 17 for annual periods beginning on or after 1 January 2021. IFRS 17 will fundamentally change the accounting for all entities that issue insurance contracts and investment contracts with discretionary participation features.

Join our live webcast on IFRS 17, ‘Insurance Contracts’, on 31 May 2017 when we’ll be joined by Darrell Scott, an IASB board member. During the webcast you’ll get:

  • An overview of the accounting requirements
  • Practical issues that your organisation should consider in relation to IFRS 17
  • Expected implementation challenges

Webcast details

Date: Wednesday 31 May 2017

Time: 11:00 (GMT + 01:00)

 

Registration

You will receive a link to join the webcast from Alex Bertolotti, our Global IFRS Insurance Leader, nearer the time.

Contact

Patrick Maeder
Partner – FS Advisory
PwC Switzerland
+41 58 792 4590
maeder.patrick@ch.pwc.com

PwC Legal: Immigration Alert Switzerland (11 May 2017)

New labour market restrictions for Romanian and Bulgarian nationals

Background

As of 1 June 2016, labour market restrictions were lifted for the gainful employment of Romanian and Bulgarian nationals hired locally in Switzerland. Thus, for the past twelve months, citizens of these two countries have had free access to the Swiss labour market.

Under the terms of the Agreement on the Free Movement of Persons (AFMP), the so-called ‘safeguard clause’ allows the Swiss Government to reintroduce temporary restrictions on the access of Romania and Bulgaria nationals to the Swiss labour market if the number of new arrivals exceeds a certain threshold. Between June 2016 and May 2017, the number of Romanian and Bulgarian nationals applying for long-term work and residence permits exceeded the threshold.

New labour market restrictions

On 10 May 2017, the Swiss Government decided to limit temporarily the number of long-term work and residence permits (B-permits) for Romanian and Bulgarian nationals to a maximum of 996 B-permits to be released quarterly over the next 12 months. Short-term L-permits are not affected.

The Swiss Government justified its decision based on the fact that, since June 2016, a large number of Romanian and Bulgarian nationals had obtained work permits for seasonal employment in sectors that have above-average unemployment rates.

How does this impact employers/employees?

Romanian and Bulgarian nationals holding B-permits and who will continue to be employed in Switzerland are not affected by the restrictions outlined above. However, the long-term employment of Romanian and Bulgarian nationals not yet residing legally in Switzerland might become more difficult due to the limitation of B-permit quotas to 996 over the next 12 months. Swiss employers may nevertheless continue to employ Romanian and Bulgarian nationals on the basis of short-term L-permits, which are not limited by a quota.

***

PwC will continue to monitor the Swiss immigration authorities’ practice at the federal and cantonal levels very closely, and we will advise all clients about any upcoming changes.

 

Please reach out to us should you wish to have more information on this alert.

 

Your PwC contacts:

Mirela Stoia
PwC Geneva
+41 58 792 91 16
mirela.stoia@ch.pwc.com

Martin Zeier
PwC Basel
+41 58 792 52 74
martin.zeier@ch.pwc.com

PwC Deal Talk – Doing Deals in France from a Swiss Investor’s Perspective

Edition 3/2017

With nearly 600 kilometers of common border, France and Switzerland have historically maintained close trading ties. In 2015, Swiss exports to France amounted to USD 14.4 bn mainly consisting of pharmaceutical and chemicals products and watchmaking items. With cumulative invested capital of EUR 42.4 bn at the end of 2015, Switzerland is amongst the biggest foreign investors in France.

France recently emerged as one of the most active European countries in terms of venture capital investments, paving the way for further foreign capital inflow. In the meantime, the French economy is slowly recovering from the 2008 global financial crisis and has shown a GDP growth reaching 1.1% in 2016. This recovery was also visible in M&A activity, which increased in terms of value and number of deals, particularly in the past three years.

Nonetheless, the French market is distinct from the rest of Europe and investors need to be aware of some unique features applicable to transactions. With first-hand experience and local teams on the ground, PwC can help you to avoid common pitfalls when doing deals in France.


Contact Us

Sascha Beer
Partner
Corporate Finance / M&A
Tel. +41 58 792 1539
sascha.beer@ch.pwc.com

Nico Psarras
Partner
Head of Transaction Services
Tel. +41 58 792 1572
nico.psarras@ch.pwc.com

Maxime Dubouloz
Head of M&A Western Switzerland
Tel. +41 58 792 9058
maxime.dubouloz@ch.pwc.com

Mathieu Gravier
Senior Manager, Transaction Services
Tel. +41 58 792 9300
gravier.mathieu@ch.pwc.com

 

Transforming Businesses through Drone Technologies

Tuesday, 30 May 2017, Papiersaal Sihlcity, Zurich

The digital transformation agenda is revolutionising business operations and impacting technological progress as well as improving economic results. The disruption through drones is a perfect example of the transformation of operational processes and PwC is pioneering on this front with the development of a dedicated solution that helps businesses.

PwC’s Drone Powered Solutions sees the commercial application of drone technologies which provides the ability to capture unparalleled levels of both data volume and data accuracy that are analysed to suit the business’ requirements. After a presentation of PwC’s global thought leadership report “Clarity from Above” which focuses on the commercial application of drones technologies, we will highlight case studies that demonstrate how drone solutions can be integrated in insurance, construction and agriculture industry businesses. We will follow with workshops around opportunities and challenges facing drones technologies implementation.

We would like to welcome you to presentations and discussions that focus on drone technologies. The event features drones in flight, virtual reality and the opportunity to engage with subject matter experts in this exciting topic.

Date and Time: Tuesday, 30 May 2017 – 10:00 – 16:00 hours
Venue: Papiersaal, Alte Sihlpapierfabrik, Kalenderplatz 6 (Sihlcity), 8045 Zurich
Costs: There will be no costs charged for this Event
Programme: Find the detailed programme online

Please register online

We are looking forward to your participation!

Switzerland: New social security treaty between Switzerland and China

A social security treaty between Switzerland and the People’s Republic of China (China) will enter into force on 19 June 2017. The maximum posting period is 72 months. For the duration of the posting, employees (regardless of their nationality) are exempt from the compulsory insurance obligations of the country of occupation which are covered in the social security treaty. As from 19 June 2017 it will be possible to obtain a Certificate of Coverage.

 


 

Contact

Véronique Schaller
+41 58 792 5036
veronique.schaller-wiesli@ch.pwc.com

Natalia Graf
+41 58 792 4324
natalia.graf@ch.pwc.com

 

IFRS News April 2017

Our latest IFRS News contains some information about uncertainty in income tax accounting, demystifying IFRS 9, the leases lab, the IFRS 15 mole and more.

Article 50 triggers uncertainty in income tax accounting

John Chan, IAS 12 specialist, explains the deferred tax implications of article 50.


Demystifying IFRS 9

IFRS 9 expected credit loss model 2. Emma Edelshein, Financial Instruments Director, explains more on expected credit losses in IFRS 9.


The Leases Lab

IFRS 16 contains new guidance on separating lease components from other lease components to be considered by both lessees and lessors. Can Professor Lee Singh and his assistant Derek Carmichael help you separate the truth from the fiction? Let’s Experiment!


Scene 1, Take 1: Demystifying IFRS 9 for Corporates

Nitassha Somai, Financial instruments expert, takes us through the first in the series of demystifying IFRS 9 for corporates.


The IFRS 15 Mole

PwC revenue specialists and the IFRS 15 Mole investigate how to identify a principal or an agent in a revenue transaction.

Suspects: Accounting as principal or as agent
Incident description: There are many arrangements in which two or more unrelated parties are involved in providing a specified good or service to a customer. IFRS 15 requires an entity to determine whether it is the principal or the agent.


Cannon Street Press

  • Board’s Primary Financial Statement Project
  • The Conceptual Framework for Financial Reporting
  • Financial Instruments with Characteristics of Equity


IFRIC Rejections Supplement – IAS 32

Helen Wise of Accounting Consulting Services examines the practical implications of IC rejections related to IAS 32.


Read the latest issue on IFRS News from March 2017


In brief – A look at current financial reporting issues

  • FASB Changes made to premium amortization period on callable debt securities:
    PwC In brief US2017-12
  • Brexit – income tax accounting implications:
    PwC In brief US2017-11
  • FASB proposal would align the accounting for all share-based payment awards:
    PwC In brief US2017-10