
Beware of the new strain Ransom.CryptXXX (WannaCry)

Have you taken necessary measures to protect your business?

Ransomware

On May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) ransomware began widely impacting a large number of organisations, particularly in Europe.

This ransomware takes advantage of a vulnerability for which Microsoft released a patch on March 14, 2017. On machines that have not been patched, the vulnerability is assisting the rapid spread of the ransomware around networks, but the ransomware still enters the network in the traditional way, via email attachments and links to websites. If you are not expecting an email from someone and it has attachments or asks you to click a link, ask your IT department to check.


Additional precautions to be considered

  • Patch Management
    Ensure all workstations and servers have the latest Microsoft patches, especially those related to MS17-010, which can be verified at this Microsoft link: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Antivirus
    Ensure antivirus signatures are updated on all assets. Identify critical assets and target them first. Block Indicators of Compromise (IOCs) on the antivirus solution.
  • IPS
    Ensure Intrusion Prevention System (IPS) signatures are updated. Verify that the signature that can detect this vulnerability / exploit attempt is enabled and is in blocking mode.
  • Email Gateway
    Ensure email gateway solutions have all relevant updates for detecting possible emails that may bring the Trojan into the environment.
  • Proxy
    Ensure the proxy solution has an updated database. Block Indicators of Compromise for IP addresses and domain names on the proxy.
  • Firewall
    Block the IOC IP addresses on the perimeter firewall.
    Ensure firewalls have updated IOCs produced by the service provider or vendor.
  • Advanced Persistent Threat Solutions
    Ensure signatures are up to date. Check for possible internal sources of infection and take necessary actions.
  • SIEM
    Check logs to verify if any of the IOCs have been detected within the last 7 days.
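
One way to carry out the SIEM check above, as an added example that is not part of the original advisory: a script that scans exported log lines for IOC IP addresses and domains seen within the last 7 days. The indicators, log format and function names are constructed placeholders; substitute the IOC list supplied by your vendor or service provider.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed placeholder IOCs (documentation IP ranges, reserved TLD), not real indicators.
IOC_IPS = {"192.0.2.10", "198.51.100.7"}
IOC_DOMAINS = {"bad-domain.example"}

# Constructed sample log lines: ISO-8601 timestamp, then free-text message.
SAMPLE_LOGS = """\
2017-05-13T09:15:02+00:00 proxy src=10.0.0.5 GET http://cdn.bad-domain.example/a
2017-05-12T22:40:11+00:00 firewall src=10.0.0.8 dst=192.0.2.10 dport=445 action=allow
2017-05-01T08:00:00+00:00 firewall src=10.0.0.9 dst=198.51.100.7 dport=445 action=deny
2017-05-14T10:00:00+00:00 proxy src=10.0.0.5 GET http://notbad-domain.example/
2017-05-14T11:30:00+00:00 firewall src=10.0.0.7 dst=192.0.2.100 dport=443 action=allow
not-a-timestamp malformed line
""".splitlines()

# Whole dotted quads only, so 192.0.2.100 is never reported as 192.0.2.10.
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def domain_matches(host, iocs):
    """True if host equals an IOC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def find_ioc_hits(lines, now, days=7):
    """Return (timestamp, indicator, line) for IOC sightings within the window."""
    cutoff = now - timedelta(days=days)
    hits = []
    for line in lines:
        ts_text, _, rest = line.partition(" ")
        try:
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue  # skip lines without a parseable timestamp
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
        if not (cutoff <= ts <= now):
            continue
        for tok in IP_RE.findall(rest):
            if tok in IOC_IPS:
                hits.append((ts, tok, line))
        for host in HOST_RE.findall(rest):
            if domain_matches(host, IOC_DOMAINS):
                hits.append((ts, host.lower(), line))
    return hits
```
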