As the second iteration of the ransomware strain impacting IT infrastructure around the globe is expected, we want to arm our customers with information to be best prepared.
Networks in many businesses and critical infrastructure like healthcare and finance across 150+ countries have been infected by the WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry. We are observing this ransomware worm spread rapidly.
If you have not been infected, it is very important that you learn how to defend your systems. Netsurion is continually working to deliver more advanced threat protection for situations just like this.
While anti-virus and managed firewalls are essential, alone they are not enough. Netsurion SIEM was introduced earlier this year for this very reason.
Recommended steps for ransomware prevention
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
- Perform a detailed vulnerability scan of all systems on your network and apply missing patches ASAP.
- Limit traffic from/to ports 139 and 445 to internal network only. Monitor traffic to these ports for out of ordinary behavior.
- Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
- Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
- Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
- Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.