
What you should know about the new WannaCry Ransomware

There has been a flood of news about ransomware these past couple of days. The WannaCry incident that occurred on Friday is new and scary in some ways, yet more of the same in others. This is what we know and what we should understand from this incident.

Firstly, if ransomware is a foreign concept to you, you can read a basic ransomware definition and details here.

SITUATION WITH WANNACRY

Jumping to the details: WannaCry (also known around the world as Wcry or WannaCrypt) has hit organizations in over 100 countries, including Telefonica in Spain, the National Health Service in the UK and FedEx in the US. The malware scans a network for computers running Microsoft Windows that don't have the latest patches installed. It then compromises these computers, locks (encrypts) all the files stored on them and demands a ransom payment in bitcoins to unlock (decrypt) those files. All it takes is one machine on a network to get infected, because the malware then spreads to other machines via the network. This is how the infection has spread to tens of thousands of computers around the world. Check out this map that the New York Times posted of the infections around the world.


MITIGATION AND PREVENTION – WannaCry hit mainly because systems were not updated or upgraded

Organizations looking to mitigate the risk of becoming compromised should follow these recommendations:

  • Work with a Managed Service provider such as DDKinfotech to ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
  • In accordance with known best practices, any organization that has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.
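
One way to confirm the second recommendation has taken effect is to test, from a machine outside your network, whether ports 139 and 445 on your own public addresses still accept connections. The script below is an added example, not from the original post; the function names and the 203.0.113.x addresses are placeholders to replace with your own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

SMB_PORTS = (139, 445)  # the two ports named in the recommendation above


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, or DNS failure
        return False


def exposed_smb(hosts, ports=SMB_PORTS, timeout=2.0):
    """Map each host to the list of its reachable ports; clean hosts are omitted."""
    pairs = [(h, p) for h in hosts for p in ports]
    findings = {}
    if not pairs:
        return findings
    # Check all host/port pairs in parallel so blocked (timing-out) ports
    # do not make the audit take timeout * len(pairs) seconds.
    with ThreadPoolExecutor(max_workers=min(32, len(pairs))) as pool:
        results = pool.map(lambda hp: port_open(hp[0], hp[1], timeout), pairs)
        for (host, port), is_open in zip(pairs, results):
            if is_open:
                findings.setdefault(host, []).append(port)
    return findings


if __name__ == "__main__":
    # Placeholder addresses (documentation range); use your own public IPs.
    my_public_hosts = ["203.0.113.10", "203.0.113.11"]
    findings = exposed_smb(my_public_hosts)
    for host, ports in findings.items():
        print(f"{host}: SMB reachable on {ports} - block inbound at the perimeter")
    if not findings:
        print("No SMB ports reachable from this vantage point")
```

The result only reflects the network path from where the script runs, so a clean result from inside the office says nothing about exposure to the internet.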

In addition to the mitigations listed above, DDKinfotech strongly encourages organizations to adopt the following industry-standard best practices to prevent attacks and campaigns like this one.

  • Work with your IT Provider to ensure your organization is running an actively supported operating system that receives security updates.
  • Ensure that your IT Provider utilizes effective patch management that deploys security updates to endpoints and other critical parts of your infrastructure in a timely manner.
  • All your systems should run anti-malware software and regularly receive malware signature updates. DDKinfotech provides antivirus and malware protection to all systems under our management. Our endpoint security software actively blocks “Wannacry” attacks.
  • Work with your IT Provider to implement a disaster recovery plan. Not having current backups can leave an organization completely crippled; if your business depends on that data, you could be down for days or weeks and even face a complete shutdown.

About the author: Raj Katyal

Raj is the Director at DDKinfotech. Raj has over 16 years of experience in IT Management and over 10 years of experience in the MSP industry, holding both Management and Technical level positions during this time. He has tremendous experience in running an IT Support service for SMBs and works diligently every day in ensuring that DDKinfotech has the right people, processes and technology to support and value to the Clients.


Copyright © 2016 DDKinfotech - All Rights Reserved