WannaCry Attack: Suggested security measures against future ransomware attacks

Information provided by cyber security firm Soteria LLC.

The WannaCry attack, the massive ransomware attack impacting businesses and individuals alike this past week, has been making headlines around the world. Not only did this event hit a large number of victims, but the attack has also been further sensationalized because it utilized exploits said to be developed by the National Security Agency (NSA) and released by the Shadow Brokers, a hacker group.

Organizations should learn from this incident and use it as an opportunity to advocate for the importance of implementing effective security controls, policies, and procedures. Soteria recommends the following security measures to harden your organization against future ransomware attacks:

  1. Ensure your systems are fully patched. For those customers using unsupported versions of Windows, Microsoft has taken the extraordinary step of releasing patches for Windows Server 2003, Windows XP, and Windows 8. Further information and vulnerability patches may be found in the Microsoft Security Bulletin MS17-010.
  2. Ensure your anti-malware solutions are updated regularly. All major vendors are closely monitoring these campaigns and are updating their signatures as quickly as possible. Ensure that your organization is receiving and installing these updates regularly.
  3. Block all inbound traffic that is not absolutely necessary. This particular malware spreads by exploiting a flaw that requires a Windows device to be accessible on TCP port 445. There are almost no situations in which a Windows device should have this port accessible from the internet. Ensure your firewall rules are up to date, and conduct scans on your infrastructure to verify.
  4. Filter outbound network traffic and internal network traffic. In the event your organization is compromised, do not allow your devices to be used to further spread the worm. Additionally, ensure traffic between internal network segments is filtered as much as possible. If a successful infection occurs, containing the infection to a single VLAN can prevent a bad problem from becoming a complete disaster.
  5. Educate your users. It is important to remember phishing emails are still the most successful attack vector cyber criminals leverage when launching ransomware scams like this one. Use this event as an opportunity to remind your employees of your firm’s procedures for appropriately reacting to the receipt of a suspicious email.

Soteria is a cyber-security firm located in Charleston, SC. Founded by experienced former members of the National Security Agency, Soteria specializes in security assessments, 24/7/365 incident response, and security product development.

Reprinted by permission of Soteria LLC, 2017. All rights reserved.
