What You Need to Know About the WannaCry Ransomware Outbreak

According to sources, the ransomware attack has already hit over 150 countries and infected 200,000 devices in the first 24 hours. The attacks have crippled hospitals, communication providers, and medical organizations, among others. WannaCry is spread via a computer worm. Worms have been around for decades but when combined with this threat, it creates a fast spreading malware that doesn't require transmission via email.

What does this mean for you? If you are currently a Managed Services client then you are safe, our team is monitoring the threat & implementing mitigation strategies in real time to prevent the risk of infection. If you are not currently a Managed Services client, we have included a list of essential mitigation strategies that you should implement immediately.

Essential Mitigation Strategies

Computer emergency response teams and security experts say there are five essential WannaCry mitigations that all firms should implement:

  1. Install MS17-010: One way the SMB flaw - targeted to install WannaCry ransomware - can be fixed is for organizations and individuals to install the MS17-010 fix issued by Microsoft in March. "It is critical that you install all available OS updates to prevent getting exploited by the MS17-010 vulnerability. Any systems running a Windows version that did not receive a patch for this vulnerability should be removed from all networks," security firm Malwarebytes warns in a technical analysis of the attacks.
  2. Install emergency Windows patch: In an unusual move, Microsoft has issued one-off security fixes for three operating systems that it no longer supports: Windows XP, Windows Server 2003, and Windows 8.
  3. Update your AntiVirus-Malware software: One of the best ways to protect your computer is to make sure your security software is up to date, we recommend using a product such as Bitdefender or Sophos.
  4. Disable SMBv1: NCSC says that "if it is not possible to apply [either] patch, disable SMBv1," and it refers to guidance from Microsoft for doing so.
  5. Block SMBv1: Alternately, or in addition, "block SMBv1 ports on network devices" - UDP 137, 138 and TCP 139, 445 - NCSC recommends.
  6. Shut down: As a last resort, if none of those options are available, it recommends literally pulling the plug. "If these steps are not possible, propagation can be prevented by shutting down vulnerable systems," NCSC says.

Our team is standing by to discuss a customized security strategy that meets your business need and protect from threats like WannaCry. Call us at today at 978.219.9752 to speak with a IT security expert.

Sources: http://www.healthcareinfosecurity.com/5-emergency-mitigation-strategies-to-combat-wannacry-outbreak-a-9914 http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/ http://blog.intronis.com/threat-watch-wannacry-ransomware]]>