Beware of the new strain Ransom.CryptXXX (WannaCry)
This ransomware exploits a vulnerability for which Microsoft released a patch on March 14, 2017. On machines that have not been patched, the vulnerability helps the ransomware spread rapidly across networks, but the ransomware still enters the network in the traditional way, via email attachments and links to websites. If you are not expecting an email from someone and it has attachments or asks you to click a link, ask your IT department to check.
Additional precautions to be considered
- Patch Management
Ensure all Workstations and Servers have the latest Microsoft patches, especially the ones related to MS17-010, which can be verified at this Microsoft link: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Ensure Anti Virus signatures are updated on all assets. Identify critical assets and target them first. Block Indicators of Compromise (IOC) on the anti virus solution.
Ensure Intrusion Prevention System (IPS) signatures are updated. Verify if the signature that can detect this vulnerability / exploit attempt is enabled and is in blocking mode.
- eMail Gateway
Ensure eMail Gateway solutions have all relevant updates for detecting possible mails that may bring the Trojan into the environment.
Ensure the Proxy solution has an updated database. Block Indicators of Compromise for IP Addresses and Domain names on the Proxy.
Block the IOC IP addresses on the Perimeter Firewall.
Ensure firewalls have updated IOCs produced by the service provider or vendor.
- Advanced Persistent Threats Solutions
Ensure signatures are up to date. Check for possible internal sources of infection and take necessary actions.
Check logs to verify if any of the IOCs have been detected within the last 7 days.
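
One way to run the 7-day log check described above, shown as an added example that is not part of the original advisory. The IOC values, the log format and the host names are constructed placeholders; substitute the indicator feed from your vendor and adapt the parsing to your proxy or firewall export.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed placeholders, not real indicators: load the vendor's IOC feed here.
IOC_IPS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("198.51.100.7")}
IOC_DOMAINS = {"bad-domain.example"}

# Constructed proxy/firewall log lines: "<UTC time> <source host> <destination>".
SAMPLE_LOG = """\
2017-05-14T09:12:03Z ws-041 192.0.2.10
2017-05-13T22:40:51Z ws-007 cdn.bad-domain.example
2017-05-12T08:00:00Z srv-02 notbad-domain.example
2017-05-02T11:30:00Z ws-041 198.51.100.7
this line is malformed
"""

def is_ioc(dest):
    """True if dest is a listed IP, a listed domain, or a subdomain of one."""
    try:
        return ipaddress.ip_address(dest) in IOC_IPS
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    host = dest.lower().rstrip(".")
    # Match on label boundaries so "notbad-domain.example" is not a false positive.
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def find_ioc_hits(log_text, now, days=7):
    """Return (timestamp, source, destination) for IOC contacts in the last `days` days."""
    cutoff = now - timedelta(days=days)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the sweep
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        if cutoff <= ts <= now and is_ioc(parts[2]):
            hits.append((ts, parts[1], parts[2]))
    return hits

if __name__ == "__main__":
    now = datetime(2017, 5, 15, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for ts, src, dest in find_ioc_hits(SAMPLE_LOG, now):
        print(f"{ts.isoformat()} {src} contacted {dest}: isolate and investigate")
```

Each source host returned is a candidate internal source of infection to isolate and examine.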