Ransomware: Response & Resources

Ransomware Recommendations:

1. Patch all systems with critical and security updates.
In particular, for the recent attack, ensure systems are patched as per the following Microsoft update:  https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

2. Ensure all Office Applications are using the latest supported releases and are patched.
Only enable macros for end users who absolutely require them. All other users should have macros disabled. Block macros in files that are received from the internet. See: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/

3. Use Next-Generation anti-ransomware endpoint software, such as Cylance.
Join Cylance for a 30-minute webinar this week to understand how Cylance would have protected against WannaCry. Email [email protected] for details and to register.

4. Check that only authorised and approved users have administrator access.
The administrator account should NOT have internet access.

5. Filter web browsing traffic to block known bad categories and sites.
Ideally inspect HTTPS traffic.  Block executables, compressed files and scripts. See: http://www.infosec-cloud.com/cloud-services/web-security/

6. Use application whitelisting to help prevent malicious software and unapproved programs from running.
Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.

7. Provide Cyber Security Awareness Training & Testing for all employees.
Ransomware is often spread through online phishing campaigns. See: http://www.infosec-cloud.com/security-awareness/

8. Ensure that all data is backed up at regular intervals and is kept off the internal network.
You can’t be held to ransom for data you hold somewhere else.
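
To check recommendation 2 on a workstation, the following PowerShell audit reads the Group Policy registry values that control macro behaviour in Office 2016. It is an added example, not part of the original advisory, and it assumes Office 2016 (registry version key 16.0) with macro settings delivered as per-user policy; run it in the session of the user being audited.

```powershell
# Added example: audit the per-user policy values behind "Block macros from
# running in Office files from the Internet" (Office 2016).
# Assumptions: Office 2016 (version key 16.0), settings applied by Group Policy.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Policy meanings of the vbawarnings value
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all with notification'
    3 = 'Disable all except digitally signed'
    4 = 'Disable all without notification'
}

$results = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    # A missing key means the policy was never applied to this user
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $block = if ($props) { $props.blockcontentexecutionfrominternet } else { $null }
    $vba   = if ($props) { $props.vbawarnings } else { $null }

    [pscustomobject]@{
        Application         = $app
        BlockInternetMacros = if ($null -eq $block) { 'not set' } else { $block }
        MacroSetting        = if ($null -eq $vba) { 'not set' } else { $vbaMeaning[[int]$vba] }
        # Compliant only when macros in files carrying the internet zone mark are blocked
        Compliant           = ($block -eq 1)
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag the machine
if ($results.Compliant -contains $false) {
    Write-Warning 'One or more Office applications do not block macros in files from the internet.'
    exit 1
}
```

A result of "not set" means the application falls back to whatever the user has chosen in the Trust Center, so treat it as non-compliant.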

Download our WannaCry Advisory and Action Plan >> http://www.infosec-cloud.com/wp-content/uploads/2017/05/WannaCry-Background-and-Ransomware-Protection-Guide-15-05-17.pdf

Third-party Ransomware Resources, Guides & Insight:

The National Cyber Security Centre: https://www.ncsc.gov.uk/

US-CERT: https://www.us-cert.gov/

How Ransomware Works: QuickTake Q&A – Bloomberg: https://www.bloomberg.com/news/articles/2017-05-15/how-ransomware-works-and-avoiding-the-next-attack-quicktake-q-a

Why Microsoft’s Windows game plan makes us WannaCry – The Register: https://www.theregister.co.uk/2017/05/16/wannacrypt_microsoft_blame_game/

Dark Reading – Millions Of Systems Worldwide Found Exposed On The Public Internet: http://www.darkreading.com/operations/millions-of-systems-worldwide-found-exposed-on-the-public-internet-/d/d-id/1325815

Cylance vs. WannaCry – CylancePROTECT® fully prevents all in-the-wild examples of the malware related to these specific attacks:  https://www.cylance.com/en_us/blog/cylance-vs-wannacry-wanacrypt0r-2-0.html
* Reserve your place on this week’s 30-minute webinars. Email [email protected] for more info and to register.

Business Guide to Ransomware – from AppRiver
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AppRiver_-Business-Guide-to-Ransomware.pdf

How to Avoid Falling Victim to Ransomware – from Barracuda
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/barracuda-how-to-avoid-falling-victim-to-ransomware-phishing-pdf-3-w-3257.pdf

Ransomware Survival Guide – from Proofpoint
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/proofpoint-ransomware-survival-guide-cm.pdf

Detecting WannaCry Ransomware – from AlienVault
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AlienVault-Detect-WannaCry-Ransomware-white-paper.pdf

Please contact us for impartial advice, recommendations and to arrange demos:
Call 01256 379970
Email: [email protected]
