“WannaCry” Attack Affects Organizations Globally
A worldwide ransomware campaign using a stolen NSA hacking tool has resulted in more than 200,000 attacks in over 150 countries, including the crippling of Britain’s main healthcare system and Spain’s Telefonica.
The attack, dubbed ‘WannaCry,’ is initiated through an SMBv1 remote code execution vulnerability in Microsoft Windows. The exploit for it (codenamed “EternalBlue”) was made available on the Internet through the Shadowbrokers dump on April 14th, 2017, and the vulnerability was patched by Microsoft on March 14.
“Our Managed Services clients have remained relatively unaffected by this latest attack. Our ongoing patch-management program helps lower the likelihood of organizations becoming victims of these ongoing attacks,” said Phil Magnuszewski, head of Envision’s Managed Services practice.
However, keeping yourself out of the crosshairs requires addressing security from multiple vectors. There is no silver bullet. Here are some common best practices that help prevent future attacks in your organization:
- Keep your patching up to date. While it’s not a guarantee, keeping your Windows patches up to date helps reduce the likelihood of your systems being affected.
- Back up your files. If you are affected, having your files backed up on a regular basis allows you to restore them from a time prior to the infection.
- Border security. Make sure that you have a firewall with border security services enabled, including filtering of malicious content (email and web) and IDS and IPS services.
- Diligence in end-user training. Ongoing training that keeps your end users aware of and diligent about these types of cyber-attacks helps round out your security posture. Most of these types of attack are initiated by opening up an infected file.
In conclusion, despite all of our best efforts, these attacks may still affect all or some of your end users. If an infection does occur, it’s important to unplug the affected device from the network (or power it down) as quickly as possible to reduce the likelihood of exposing any additional systems to the attack.
If you're concerned about your company's security, please contact an Envision security expert for assistance.