Last Friday 12th May saw another largescale ransomware attack across the globe, crippling companies and critical government services including the National-Health-Service in the UK. The appropriately named ‘WannaCry’ ransomware targeted Microsoft users, encrypting files and requesting money to be unlocked.
How did this ransomware occur and why did it have such devastating effects? The actual security hole was part of a‘National-Security-Agency’ security toolkit that was leaked onlineby a group of hackers. It exploited Microsoft server message block (SMB) functionality, effecting all versions of windows operating system. The security hole was identified last week by Microsoft and patches issued to fix the issue. However,many users and organisations take a long time to ensure their devices are updated with latest patches, leaving a window of opportunity for the ransomware.
T&VS Security Services – Top3 recommendations to ensure you are protected from WannaCry:
- Always ensure your Microsoft patches are up-to-date. The essential patch for the WannaCry is MS17-010 patch. This will give you 65% security.
- Enable firewalls and disable the following ports 137,138,139,445. These are the ports this ransomware utilises.
- Ensure Antivirus software up-to-date.
(Some of the above recommendations seem obvious but if they had been followed then the ransomware would not have been so prevalent.)
Recommendations to protect against future ransomware:
The following are general security best practice advice:
- Stop using any unsupported windows Operating System. Always aim to regularly upgrade to the latest OS.
- Disable Microsoft server message block (SMB)
- Regularyperform a secure backup of data into the cloud. This will allow a quick restore of data if an attack does occur.
- Always be aware of phishing attacks. Avoid vulnerable websites and emails.
- Finally, we would recommend you increase security awareness and give training for end users on how to protect themselves going forward.
Let T&VS ensure you are protected going forward. Our security team will analyse your infrastructure for potential weaknesses and provide assistance in ongoing security measures. If you would like to know more, please see T&VS Security or contact us via email.
Join the T&VS webinar. T&VS experts will provide a simple step-by-step guide to the actions you can take now to ensure your systems are protected.