
    MessageOps Resources for the WannaCry Ransomware Attack


    As our MessageOps community already knows, a major cyber security attack called WannaCry took place over the weekend. We want to provide some helpful information for you and your team about the WannaCry ransomware attack.

    Machines globally were infected in a very short period of time. Many of our customers are asking what they can do now to protect their business. Having the right technology in place is key and we recommend some basic computer hygiene tips.

    Need Help? Here are some helpful Wannacry Ransomware resources

    What is WannaCry?
    WannaCry is ransomware that locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March. Computers and networks that had not applied the update were still at risk.

    Upcoming Webinars:

    A couple of our partners have webinars that you and / or your team may be interested in attending:

    These videos show how to detect and stop ransomware with QRadar and BigFix:
    QRadar stopping Ransomware on its tracks – Part 1 https://youtu.be/ENYbSiUsfaE
    QRadar stopping Ransomware on its tracks – Part 2 https://youtu.be/mpykyoWlnGI
    QRadar stopping Ransomware on its tracks – Part 3 https://youtu.be/CVlBI6SnpgI

    These videos show how to detect ransomware with QRadar’s QNI and BigFix:
    QRadar and Bigfix Stop Ransomware Autofast – Part 1 https://youtu.be/P90e4iEJ32s
    QRadar and BigFix Stop Ransomware (Custom Action) – Part 2 https://youtu.be/sJOovKKX_SM
    QRadar and Bigfix Stop Ransomware (Custom Action) – Part 3 https://youtu.be/-hGsYEDBbi8
    QRadar and Bigfix Stop Ransomware (Custom Action) – Part 4 https://youtu.be/k0fKj4jAFXs

    KnowBe4 – Train employees on recognizing spear phishing emails
    https://blog.knowbe4.com/ransomware-attack-uses-nsa-0-day-exploits-to-go-on-worldwide-rampage

    Free Phishing Security test
    http://www.championsg.com/email-phishing-security-test/

    Industry Information:
    Hospitals, government offices, major companies such as FedEx, universities, retailers, and many other businesses were targeted. While all industries are targets for ransomware, this article discusses why 4 industries are frequently attacked: http://www.zdnet.com/article/ransomware-these-four-industries-are-the-most-frequently-attacked/

    WannaCry Ransomware Guidelines to stay safe:

    • Be careful, and do not click on links in an email if you do not know the sender.
    • Be wary of visiting unsafe or unreliable sites.
    • Never click on a link that you do not trust, whether on a web page, on Facebook, or in messaging applications such as WhatsApp.
    • If you receive a message from a friend with a link, ask them to confirm it before opening the link (infected machines send random messages with links).
    • Back up your files regularly.
    • Be aware of fraudulent e-mail messages that use names similar to popular services, such as PayePal instead of PayPal, or that drop punctuation from, or add extra characters to, a popular service name.
    • Use anti-virus software and always make sure it has the latest update.
    • Make sure Windows has the latest updates installed to close the gap.

    Prescription for the Victim of WannaCry:
    1. Block communication with the WCry command-and-control servers to stop infection and propagation across your environment. IBM XGS can help block suspicious IP addresses and ports. A list of suspicious IP addresses, hashes and ports is available at https://exchange.xforce.ibmcloud.com/collection/WCry2-Ransomware-Outbreak-8b186bc4459380a5606c322ee20c7729. Ports 22, 23, 3389, TCP 139 & 145/UDP 137 & 138, and 9001 have been seen in use by WCry.

    2. Apply the patch (MS17-010) to protect ALL of your Windows machines. This patch fixes the file sharing vulnerability that WannaCry is exploiting to cause mayhem. If you still have a few Windows XP machines, good news! Today, Microsoft took the unusual step of releasing security updates to address flaws in unsupported Windows XP, Windows 8, and Windows Server 2003. You can find this patch at: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ And, for the love of whatever you hold dear, upgrade those old machines!

    3. Disable the outdated SMBv1 protocol and isolate/quarantine your unpatched systems. Security tools such as BigFix can both patch and quarantine machines in the wake of the mayhem created by the Microsoft file sharing vulnerability. Consider testing BigFix Detect, a behavior-based endpoint detection tool designed to detect just these types of malicious attacks.

    4. Implement a robust data backup process that safeguards any data considered valuable or critical to the organization. Data backups must be stored offline (disconnected from the network) and tested regularly to confirm their integrity. Back up your data regularly!

    5. If you have already been infected by WannaCry, check the Crypto Sheriff page at nomoreransom.org, upload one of the files encrypted by the ransomware, and the site will let you know if there is a solution available to unlock all of your files for free.
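
    For step 3, one way to audit and turn off SMBv1 on a single Windows machine. This is an added example, not code from MessageOps or any vendor named on this page; it assumes Windows PowerShell 3.0 or later in an elevated session, and the function names Get-Smb1State and Disable-Smb1 are hypothetical helpers.

```powershell
# Added example: audit and disable SMBv1 on the local machine. Run elevated.
# Get-Smb1State and Disable-Smb1 are hypothetical helper names.
$LanmanServer = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    $state = [ordered]@{ Computer = $env:COMPUTERNAME; ServerSmb1 = $null; FeatureSmb1 = 'n/a' }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the SMB server setting directly.
        $state.ServerSmb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: a missing SMB1 registry value means SMBv1 is on.
        $v = (Get-ItemProperty $LanmanServer -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $state.ServerSmb1 = ($null -eq $v) -or ($v -ne 0)
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # Windows 8.1 / Server 2012 R2 and later ship SMBv1 as a removable feature.
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $state.FeatureSmb1 = [string]$f.State }
    }
    [pscustomobject]$state
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $before = Get-Smb1State
    if ($before.ServerSmb1 -and
        $PSCmdlet.ShouldProcess($before.Computer, 'Disable SMBv1 server')) {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            # Registry change on older systems takes effect after a reboot.
            Set-ItemProperty $LanmanServer -Name SMB1 -Type DWord -Value 0
        }
    }
    if ($before.FeatureSmb1 -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($before.Computer, 'Remove SMB1Protocol feature')) {
        # Removes the SMBv1 client and server components; completes on next restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1State   # report the state after the change
}

Get-Smb1State            # audit only, changes nothing
# Disable-Smb1 -WhatIf   # preview the changes; drop -WhatIf to apply them
```

    Run the audit first and check for legacy devices or applications that still depend on SMBv1 before applying the change across a fleet.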

    Alert Logic identified the attack methods used by WannaCry and began testing Alert Logic assessment and detection methods:

    https://www.alertlogic.com/blog/wannacry-a-propagation-brought-to-you-by-eternalblue-and-doublepulsar/


    If you have any questions or need assistance, please call your Champion / MessageOps Client Manager, or call 877-788-1617 or email info@messageops.com.
