CIOTech Taking Proactive Efforts for Global Ransomware Outbreak “WannaCry”
CIO Technology Solutions is actively monitoring the announcement of the recently discovered Microsoft computer security exploit, WannaCry. This ransomware infection of specific vulnerable Microsoft Windows systems has infected thousands worldwide, and we are taking necessary precautions to mitigate any potential risks.
The specific delivery vectors are still being investigated. However, there are several potential sources, such as email, brute-force attacks on systems using the Microsoft Remote Desktop Protocol, and/or known TCP ports supporting this protocol being open on firewalls or other network-connected devices. The Shadow Brokers (a known hacker group) recently published several hacking tools used by the NSA (National Security Agency) that exploit these protocols. Hackers are taking advantage of this exploit by delivering a ransomware variant called WannaCry, which can encrypt all data on your systems. Other ransomware and malware variants are also being pushed to vulnerable systems by hackers using this exploit.
Ransomware Threat Announcement:
The ransomware attack called ‘Wanna’ (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files and changing the file extensions to: .wnry, .wcry, .wncry and .wncrypt.
As a preventative measure, CIO Technology Solutions has temporarily disabled RDP and other known exploited protocols for our managed services customers until further information and other actions to block such attacks can be determined. This is considered a “zero-day” attack, with more information about the attack being released each hour. The major antivirus/anti-malware manufacturers around the world are currently working to develop and deploy patch updates protecting against this threat. CIO Technology will automatically apply patch updates as they become available over the weekend.
Additionally, CIO Technology Solutions is currently reviewing all systems to ensure that a necessary Microsoft patch (which blocks the exploit) has been installed on those systems that are vulnerable and patchable. Please note: any Microsoft XP workstations, Windows Server 2003 or older systems that are still in production cannot be patched and are considered (and will continue to be) highly vulnerable.
CIO Technology Solutions and US-CERT recommend that users and administrators take the following preventive measures to protect their computer networks from WannaCry ransomware and other malware infections:
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the Web. See Good Security Habits and Safeguarding Your Data for additional details.
Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks or the Security Publication on Ransomware for more information.
Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
Have a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.