Friday 12th May saw a large-scale ransomware attack across the globe, crippling companies and critical government services including the National-Health-Service in the UK. The appropriately named ‘WannaCry’ ransomware targeted Microsoft users, encrypting files and requesting money to be unlocked. It exploited Microsoft server message block (SMB) functionality, effecting all versions of windows operating system.
It recent days it has become apparent that another malware is using the same exploit to spread itself to unsuspecting machines. Adylkuzz is using the EternalBlue vulnerability (same as WannaCry) to exploit the systems, but it’s not a ransomware attack. It’s a botnet that shuts down SMB and uses system resources to mine for cryptocurrency.
Recommendations to protect against future malware
The following are general security best practice advice:
- Always ensure your Microsoft patches are up-to-date.
- Enable firewalls and disable the following ports 137,138,139,445. These are the ports ransomware utilises.
- Ensure Antivirus software is up-to-date.
- Stop using any unsupported windows Operating System. Always aim to regularly upgrade to the latest OS.
- Disable Microsoft server message block (SMB)
- Regularlyperform a secure backup of data into the cloud. This will allow a quick restore of data if an attack does occur.
- Always be aware of phishing attacks. Avoid vulnerable websites and emails.
- Finally, we would recommend you increase security awareness and give training for end users on how to protect themselves going forward.
Let T&VS ensure you are protected going forward. Our security team will analyse your infrastructure for potential weaknesses and provide assistance in ongoing security measures. If you would like to know more, please see T&VS Security or contact us via email. T&VS experts will provide a simple step-by-step guide to the actions you can take now to ensure your systems are protected.