WannaCrypt 2.0 and Beyond

Hi Everyone,

We are happy to report that no FSL customers have told us that they were or are infected by the WannaCry virus. Credit goes to all the IT teams, network admins and everyone out there for protecting their end users and data and for staying vigilant during this outbreak. But this is no time to relax: apparently the 2nd wave of WannaCrypt (without the Kill-Switch) is out and still infecting, and the cryptocurrency miner Adylkuzz is spreading.

There is enough information out there on this outbreak, so I won’t dive into the inner workings of WannaCrypt, but we want to remind you that the next ransomware/worm/malware is already being masterminded and readied for deployment, so it is best to check and double-check your defenses.

Keep in mind that no single solution is a silver bullet. Layers of security will give you more depth and protection, but nothing will guarantee 100% protection.

Here is our Top 10 list of items you should check:

  1. Backup, Backup & Backup. You’re only as safe as your last good backup. You can do everything right and still get infected. At that point, you’ll only have your backups to rely on, and that would be the worst time to find out your backups weren’t running or are corrupted or unusable. Make sure your backups are protected so that ransomware or a virus can’t wipe them out.
  2. Is your Operating System patched and at the latest version? Sometimes you can’t control when patches will be released (Ahem..Microsoft), but do the best you can to make sure you’re up to date.
  3. End User Training – Make sure your users know how to respond properly to a suspicious email. Do they forward it to IT or delete it? Do they know not to click on any links? The Human Factor should be constantly addressed, as we tend to get lax and that’s when things go wrong.
  4. Desktop AV should be installed and updated. Most AV suites have anti-malware features. Enable them and let your users know what to do when an alert does pop up.
  5. Increase your Email Security – Have you implemented SPF? Is your configuration up to date, and can you make settings changes to enhance security? Email is one of the ways malware can enter, so make sure you’re covered properly.
  6. Enable HTTP scanning by using HAVP or Squid.
  7. Disable Macros and ActiveX in the Microsoft Office Suite.
  8. Solutions like AppLocker and Microsoft EMET (free) can help secure the desktop even further.
  9. Use Network Segmentation to prevent ransomware from spreading. If users don’t need access to certain networks, consider removing access to prevent further infection.
  10. Implement an Intrusion Detection/Prevention System. Properly configured, such a solution can detect and alert you to possible threats.

Here is a more comprehensive list put together by Help Net Security.

We’ve implemented several methods for you to get alerts, updates and articles.

Make sure you are on our mailing list. If you haven’t received alerts or notices in the past, check with us and we’ll add you, or use the link below to sign up right now. If there is someone else at your organization who would benefit from our alerts, forward this email to them and have them sign up. Click here to sign up.

Connect with us via Social Media. We post on Facebook, Twitter, LinkedIn & Google+.

As always, contact us at support (@) fsl.com if you have any questions or concerns.

Thank you,

Fort Systems Ltd.

www.fsl.com
