1. Patch all systems with critical and security updates.
In particular, for the recent attack, ensure systems are patched as per the following Microsoft update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
2. Ensure all Office Applications are using the latest supported releases and are patched.
Only enable macros for end users that absolutely require them. Other users should have macros disabled. Block macros in files that are received from the internet. See: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
3. Use Next-Generation anti-ransomware endpoint software, such as Cylance.
Join Cylance for a 30-minute webinar this week to understand how Cylance would have protected against WannaCry. Email [email protected] for details and to register.
4. Check that only authorised and approved users have administrator access.
The administrator account should NOT have internet access.
5. Filter web browsing traffic to block known bad categories and sites.
Ideally inspect HTTPS traffic. Block executables, compressed files and scripts. See: http://www.infosec-cloud.com/cloud-services/web-security/
6. Use application whitelisting to help prevent malicious software and unapproved programs from running.
Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
7. Provide Cyber Security Awareness Training & Testing for all employees.
Ransomware is often spread through online phishing campaigns. See: http://www.infosec-cloud.com/security-awareness/
8. Ensure that all data is backed up at regular intervals and is kept off the internal network.
You can’t be held to ransom for data you hold somewhere else.
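For item 2, one way to check that the Office 2016 setting that blocks macros in files from the internet is actually applied for the logged-on user. This is an added example, not part of the original advisory; it assumes Office 2016 (registry version key 16.0) with the setting delivered through Group Policy, and it covers Word, Excel and PowerPoint only.

```powershell
# Added example (not from the advisory): audit the Office 2016 macro policy
# for the current user. Assumes Office 2016 (version key 16.0) and that the
# settings are delivered by Group Policy under HKCU\Software\Policies.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Meaning of the VBAWarnings policy value
$vbaMeaning = @{
    1 = 'enable all macros'
    2 = 'disable with notification'
    3 = 'disable except digitally signed'
    4 = 'disable all without notification'
}

$report = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Both values are $null when the policy key or value does not exist
    $block = $props.blockcontentexecutionfrominternet
    $vba   = $props.vbawarnings

    $blockState = 'not configured'
    if ($null -ne $block) {
        $blockState = if ($block -eq 1) { 'enabled' } else { 'disabled' }
    }
    $macroState = 'not configured'
    if ($null -ne $vba) { $macroState = $vbaMeaning[[int]$vba] }

    [pscustomobject]@{
        Application         = $app
        BlockInternetMacros = $blockState
        MacroSetting        = $macroState
        Compliant           = ($block -eq 1)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code so the check can be used from a compliance script
$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("Internet macro blocking not enforced for: " +
                   ($failed.Application -join ', '))
    exit 1
}
```

Run it in the user's session, since the policy is per user; a result of "not configured" means the application is using whatever the user chose in the Trust Center.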
Download our WannaCry Advisory and Action Plan >> http://www.infosec-cloud.com/wp-content/uploads/2017/05/WannaCry-Background-and-Ransomware-Protection-Guide-15-05-17.pdf
Third-party Ransomware Resources, Guides & Insight:
The National Cyber Security Centre: https://www.ncsc.gov.uk/
How Ransomware Works: QuickTake Q&A – Bloomberg: https://www.bloomberg.com/news/articles/2017-05-15/how-ransomware-works-and-avoiding-the-next-attack-quicktake-q-a
Why Microsoft’s Windows game plan makes us WannaCry – The Register: https://www.theregister.co.uk/2017/05/16/wannacrypt_microsoft_blame_game/
Dark Reading – Millions Of Systems Worldwide Found Exposed On The Public Internet: http://www.darkreading.com/operations/millions-of-systems-worldwide-found-exposed-on-the-public-internet-/d/d-id/1325815
Cylance vs. WannaCry – CylancePROTECT® fully prevents all in-the-wild examples of the malware related to these specific attacks: https://www.cylance.com/en_us/blog/cylance-vs-wannacry-wanacrypt0r-2-0.html
* Reserve your place on this week’s 30-minute webinars. Email [email protected] for more info and to register.
Business Guide to Ransomware – from AppRiver
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AppRiver_-Business-Guide-to-Ransomware.pdf
How to Avoid Falling Victim to Ransomware – from Barracuda
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/barracuda-how-to-avoid-falling-victim-to-ransomware-phishing-pdf-3-w-3257.pdf
Ransomware Survival Guide – from Proofpoint
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/proofpoint-ransomware-survival-guide-cm.pdf
Detecting WannaCry Ransomware – from AlienVault
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AlienVault-Detect-WannaCry-Ransomware-white-paper.pdf