WANNACRY! The worm that spreads WanaCrypt0r
I would like to take this opportunity to share some insight as well as the nature of the WanaCrypt0r that has created havoc around the world on this weekend.
Below is the step that you want to consider to protect your network against this new variant of Ransomware before the official security patches from your AV vendor is released to your Endpoint Protection.
Patch ALL Windows machines in your environment immediately. The EternalBlue vulnerability was patched by Microsoft back in March as part of MS17-010.
Maintain up-to-date backups of files and regularly verify that the backups can be restored.
Ransomware attacks target shared network drives and cloud backups. This scenario makes it hard to retrieve the information in case of a ransomware attack. Therefore, do not rely on backup only – you must consider a protection mechanism.
Ransomware is often delivered through the exact same channels as other types of malware: spear-phishing and malicious drive-by. Educate users to obtain from clicking on suspicious links, downloading email attachment and downloading software from dodgy resources.
Install a ransomware detection and prevention tool.
Below is the extract from Malwarebytes that provides the method used by WanaCrypt0r to attack the networks worldwide as well as prevention approach that you may consider.
Something that many security researchers have feared has indeed come true. Threat actors have integrated a critical exploit taking advantage of a popular communication protocol used by Windows systems, crippling thousands of computers worldwide with ransomware.
In this blog post, we will describe the worm responsible for spreading this ransomware by looking at its capabilities and what has made this threat so successful. >>> Read More <<<