1. Patch all systems with critical and security updates.
In particular, for the recent WannaCry attack, ensure systems are patched as per the following Microsoft update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
2. Ensure all Office Applications are using the latest supported releases and are patched.
Only enable macros for end users that absolutely require them. Other users should have macros disabled. Block macros in files that are received from the internet. See: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
3. Use Next-Generation anti-ransomware endpoint software, such as CylancePROTECT.
Join Cylance for a 30-minute webinar to understand how CylancePROTECT would have protected against Petya. Email [email protected] for details and to register.
Click here to book a CylancePROTECT demo: http://www.infosec-cloud.com/cylanceprotect-demo/
4. Check that only authorised and approved users have administrator access.
The administrator account should NOT have internet access.
5. Filter web browsing traffic to block known bad categories and sites.
Ideally inspect HTTPS traffic. Block executables, compressed files and scripts. See: http://www.infosec-cloud.com/cloud-services/web-security/
6. Use application whitelisting to help prevent malicious software and unapproved programs from running.
Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
7. Provide Cyber Security Awareness Training & Testing for all employees.
Ransomware is often spread through online phishing campaigns. See: http://www.infosec-cloud.com/security-awareness/
8. Ensure that all data is backed up at regular intervals and is kept off the internal network.
You can’t be held to ransom for data you hold somewhere else.
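For tip 2, one way to check that the macro settings are actually in force for the logged-on user, as an added example that is not part of the original page. It assumes Office 2016 (registry version 16.0) with the settings delivered through Group Policy, and it only reads the policy values for Word, Excel and PowerPoint.

```powershell
# Added example: audit the per-user Office macro policy described in tip 2.
# Assumption: Office 2016 (registry version 16.0), settings applied via Group Policy.
$apps = 'word', 'excel', 'powerpoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

$results = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    # A missing key means no policy has been applied for this application.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # blockcontentexecutionfrominternet = 1 blocks macros in files from the internet.
    $blockInternet = $props.blockcontentexecutionfrominternet
    # VBAWarnings: 1 = enable all macros, 2 = disable with notification,
    #              3 = disable except digitally signed, 4 = disable all.
    $vba = $props.VBAWarnings

    [pscustomobject]@{
        Application    = $app
        InternetMacros = if ($blockInternet -eq 1) { 'Blocked' } else { 'NOT blocked' }
        VBAWarnings    = if ($null -eq $vba) { 'not set by policy' } else { $vba }
        # Flag the application if internet macros are allowed or all macros are enabled.
        NeedsAttention = ($blockInternet -ne 1) -or ($vba -eq 1)
    }
}

$results | Format-Table -AutoSize

$flagged = @($results | Where-Object { $_.NeedsAttention })
if ($flagged.Count -gt 0) {
    Write-Warning ("Macro policy needs review for: " +
        (($flagged | ForEach-Object { $_.Application }) -join ', '))
}
```

Run it in the user's own session, since the values live under HKCU and differ per user.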
Third-party Ransomware Resources, Guides & Insight:
The National Cyber Security Centre: https://www.ncsc.gov.uk/
How Ransomware Works: QuickTake Q&A – Bloomberg: https://www.bloomberg.com/news/articles/2017-05-15/how-ransomware-works-and-avoiding-the-next-attack-quicktake-q-a
Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide – The Register: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/
Why Microsoft’s Windows game plan makes us WannaCry – The Register: https://www.theregister.co.uk/2017/05/16/wannacrypt_microsoft_blame_game/
Dark Reading – Millions Of Systems Worldwide Found Exposed On The Public Internet: http://www.darkreading.com/operations/millions-of-systems-worldwide-found-exposed-on-the-public-internet-/d/d-id/1325815
Cylance vs. Petya – CylancePROTECT® fully prevents all in-the-wild examples of the malware related to these specific attacks:
* Reserve your place on a 30-minute CylancePROTECT webinar. Email [email protected] for more info and to register.
Ransomware: From Rags to Riches – whitepaper from Infinigate
Read how ransomware methods and malware have evolved into a sophisticated business model for cyber-criminals and how you can prepare for a potential attack.
Download here: http://www.infosec-cloud.com/ransomware-from-rags-to-riches/
Business Guide to Ransomware – from AppRiver
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AppRiver_-Business-Guide-to-Ransomware.pdf
How to Avoid Falling Victim to Ransomware – from Barracuda
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/barracuda-how-to-avoid-falling-victim-to-ransomware-phishing-pdf-3-w-3257.pdf
Ransomware Survival Guide – from Proofpoint
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/proofpoint-ransomware-survival-guide-cm.pdf
Detecting WannaCry Ransomware – from Alien Vault
Download here: http://www.infosec-cloud.com/wp-content/uploads/2017/05/AlienVault-Detect-WannaCry-Ransomware-white-paper.pdf