As you’ve likely read, the latest high profile cyber-attack has been against NHS hospitals here in the UK and also reported to affect organisations across 74 countries (Source: MalwarHunter), this latest outbreak is a targeted ransomware named WanaCrypt0r is a variant of WannaCry.
This new variant is using a recently disclosed Windows vulnerability known as EternalBlue to propagate laterally between clients running Microsoft based operating systems.
What can you do to protect your organisation from this new wave of ransomware?
Our first and foremost recommendation would be to patch all of your Microsoft systems, Microsoft has acknowledged the gravity of this situation and has also release patches for unsupported versions such as XP, 8 and Server 2003. With this vulnerability mitigated the ransomware would be unable move laterally between assets.
Ensure you have recent backups of all critical data, if you find yourself with encrypted files (Documents, Images etc) then the more often than not this is the best and in some cases only way of restoring your data.
Update your Intrusion Prevention engines to protect against the latest Microsoft vulnerabilities and set it to prevent. This has limited impact on the situation since in most cases IPS systems will not be protecting lateral movement but it could help prevent against longitudinal movement through VPNs and from remote access users.
Finally the last recommendation is to add preventative ransomware protections, we have a selection of recommended solutions at both the endpoint and network level advanced detection of threats such as ransomware.
As always if you need assistance or have any questions then get in touch and we’ll be happy to assist you.