This has been one of the biggest attacks: Europol Director Rob Wainwright told the BBC that the cyberattack is “unprecedented in its scale,” and he said that it will most likely continue as people return to work this week. Microsoft took the unusual step of issuing a patch for Windows XP. The patch only works if it is installed, and authorities have been warning businesses to ensure that their systems are updated.
So what can you or your organization do to prevent this attack? The Uganda National Computer Emergency Response Team recommends that you take the following actions:
a) Urgently apply the latest Microsoft Security Update MS17-010 – this addresses the SMB Server vulnerability used in this attack;
b) Aggressively update all firewall and AV signatures;
c) Keep up to date back-ups of all critical data;
d) Test and make a separate copy of the backup. A Copy of backed up data MUST be stored offline;
e) Test and practice data recovery procedures for effectiveness;
f) Ensure that all systems are patched up (especially all Microsoft installations, browsers and all its plugins);
g) Disable the execution of files with extension WNCR;
h) Disable macro scripts in files transmitted via email;
i) Scan all incoming and outgoing emails to detect threats and filter executable files (extensions such as exe and scr) from reaching end users;
j) Isolate communication to ports 137 and 138 UDP and ports 139 and 445 TCP in your organization’s network;
It is paramount to:
k) Ensure that the principle of ‘Least Privilege Access’ is adhered to for all users;
l) Ensure effective use of anti-virus solutions on all computers as well as rootkit scanners on critical servers (effective anti-virus covers all the five distinct layers of protection: network, file, reputation, behavioral and repair). All e-mails and web downloads should be scanned to reduce exposure;
m) Filter all web traffic to block potential threats.
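One way to check that recommendation (j) is actually enforced, as an added example that is not part of the CERT advisory or the original article: the script reads firewall flow records and reports allowed traffic to the four listed ports that crosses a segment boundary. The record format, the segment ranges and the sample lines are constructed assumptions; adapt the parser to your firewall's export.

```python
import ipaddress

# Ports from recommendation (j): 137/138 UDP and 139/445 TCP.
ISOLATED = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Assumption: segments that must not exchange SMB/NetBIOS traffic with each other.
SEGMENTS = [ipaddress.ip_network(n) for n in ("10.1.0.0/24", "10.2.0.0/24")]

# Constructed sample flow records, one per line: action proto src dst dport
SAMPLE_FLOWS = """\
ALLOW tcp 10.1.0.15 10.1.0.20 445
ALLOW tcp 10.1.0.15 10.2.0.8 445
DENY tcp 10.2.0.9 10.1.0.20 139
ALLOW udp 203.0.113.7 10.2.0.8 137
ALLOW tcp 10.1.0.15 10.2.0.8 443
ALLOW udp 10.2.0.9 10.2.0.8 138
"""

def segment_of(addr):
    """Return the configured segment containing addr, or None if it is outside all of them."""
    ip = ipaddress.ip_address(addr)
    for net in SEGMENTS:
        if ip in net:
            return net
    return None

def violations(flow_text):
    """Return allowed flows to an isolated port whose source and destination
    are not in the same segment (including sources outside every segment)."""
    found = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip blank or malformed records
        action, proto, src, dst, dport = fields
        if action != "ALLOW" or (proto.lower(), int(dport)) not in ISOLATED:
            continue  # blocked flows and other ports are not of interest here
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg is None or src_seg != dst_seg:
            found.append((proto.lower(), src, dst, int(dport)))
    return found

if __name__ == "__main__":
    for proto, src, dst, dport in violations(SAMPLE_FLOWS):
        print(f"isolation gap: {proto} {src} -> {dst}:{dport} was allowed")
```

Traffic inside a single segment is deliberately not reported, since file servers and their clients may legitimately share one.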
The ransomware attack began on Friday afternoon, affecting England’s National Health Service, prompting automaker Renault to idle factories in France, and hitting many others. A 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware’s code. He told the BBC that another attack is likely coming soon, one that works around his fix.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
Researchers have since discovered two new variations of the ransomware. One has been blocked with another domain name registration; the other variant has no kill switch but is only partially working.