A major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as 'WannaCry'.
The malware can scan heavily over TCP port 445 (Server Message Block/SMB) and spreads like a worm: it compromises hosts, encrypts the files stored on them, then demands a ransom payment in Bitcoin. It is important to note that this threat does not simply scan internal ranges to identify where to spread; it is also capable of spreading through vulnerabilities it finds in other externally facing hosts across the internet.
The FIREFX Network Guardian Intrusion Detection And Prevention Systems has protected your network against the WannaCry ransomware attack, but you must take the following steps to ensure your data remains safe.
The WannaCry ransomware attack is not over, but there is still time to take some immediate steps to protect the data on your systems. Although your network may have been protected by the Network Guardian, your systems are still very vulnerable once they leave the protection of your "hardened" environment. You must share these steps with your customers to ensure their data is protected.
- Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
- In accordance with known best practices, any organization that has SMB publicly accessible via port forwarding to the internet (ports 139, 445) should immediately block inbound traffic by shutting these forwards down.
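One way to audit a gateway for the port forwards described in the second step, as an added example that is not part of the original advisory. It assumes a Linux gateway whose NAT rules were exported with `iptables-save`; the sample ruleset is constructed, and the function names are hypothetical.

```python
import shlex

SMB_PORTS = {139, 445}  # the two ports named in the advisory

# Constructed sample in iptables-save format (not taken from a real gateway).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.1.20:445
-A PREROUTING -i eth0 -p tcp -m multiport --dports 80,135:139 -j DNAT --to-destination 192.168.1.30
-A PREROUTING -i eth0 -p udp -m udp --dport 445 -j DNAT --to-destination 192.168.1.40:445
-A PREROUTING -d 203.0.113.9/32 -j DNAT --to-destination 192.168.1.50
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def expand_ports(spec):
    """Expand an iptables port spec such as '445', '80,135:139' or '1000:'."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo or 0)                       # ':1024' means 0-1024
        last = int(hi or 65535) if sep else first  # '1000:' means 1000-65535
        ports.update(range(first, last + 1))
    return ports

def exposed_smb_forwards(rules_text):
    """Return (smb_ports, destination, rule) for DNAT rules forwarding TCP 139/445.
    Negated matches ('!') are not handled."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A PREROUTING"):
            continue
        tok = shlex.split(line)
        opts = dict(zip(tok, tok[1:]))  # each flag mapped to the token after it
        if opts.get("-j") != "DNAT" or opts.get("-p", "all") not in ("tcp", "all"):
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        # A DNAT rule with no port match forwards every port, SMB included.
        hit = sorted(SMB_PORTS if spec is None else expand_ports(spec) & SMB_PORTS)
        if hit:
            findings.append((hit, opts.get("--to-destination"), line))
    return findings

if __name__ == "__main__":
    for ports, dest, rule in exposed_smb_forwards(SAMPLE_RULES):
        print(f"SMB port(s) {ports} forwarded to {dest}: {rule}")
```

Each finding is a forward to remove or restrict; the rule with no port match is reported because a one-to-one forward exposes 139 and 445 along with everything else.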
In addition to these steps, the following best practices are recommended.
- Ensure your customer is running an actively supported operating system that receives security updates (i.e., not Windows XP or earlier).
- Have an effective patch management program that deploys security updates to network endpoints and other critical parts of your infrastructure in a timely manner.
- Run anti-malware software on your systems and ensure you regularly receive malware signature updates.
- Implement a disaster recovery plan that includes backing up and restoring data from devices that are kept offline or protected. Adversaries frequently target backup mechanisms to limit a user's ability to restore their files without paying the ransom.
- Raise your customer's alert level and sensitivity to opening attachments, specifically:
  - Do not open any attachments from people they do not know.
  - Do not open unexpected attachments from people they do know without first verifying they are legitimate, even if, on the surface, they appear to be (e.g. "Your Statement", "Invoice", etc.).