Massive Ransomware Attack

A massive ransomware attack took place this weekend, causing severe disruption to many organizations around the world. The ransomware has been identified as “WannaCry”. Currently available information indicates that it is initiated through an SMBv2 remote code execution vulnerability in computers running Microsoft operating systems. Microsoft released a critical security update for the vulnerability in March 2017.

Affected Resources

All Windows operating systems that have not applied the Microsoft Windows SMB Server (4013389) security update are most likely to be affected by the WannaCry ransomware. See the following page for more details about the affected systems:
MS17-010: Security update for Windows SMB Server: March 14, 2017

Solutions / Response

1. Check all your systems and make sure that all of them are updated with the latest Windows security patches

2. If you have an IDS installed in your organization, regularly monitor IDS events and respond to them promptly

3. Make sure that SMB ports (139, 445) are blocked from Internet hosts in your firewall rules

4. Make sure that the users in your organization are aware of this threat. Also, make them aware that it is spreading through email attachments, and warn them to take extra caution when opening any link.

5. Make sure that you have a good backup copy of your organization's data
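
One way to check step 3 against an exported firewall ruleset, as an added example that is not part of the original advisory. The CSV column layout, the sample rules, the function names and the first-match rule ordering are all assumptions made for illustration; adapt the parsing to your firewall's real export format.

```python
import csv, io, ipaddress

SMB_PORTS = {139, 445}  # the ports named in step 3
# RFC 1918 ranges treated as "internal"; everything else counts as Internet.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export (hypothetical column layout, IPv4 only).
SAMPLE_RULES = """\
order,action,direction,protocol,source,dest_ports
10,allow,in,tcp,10.0.0.0/8,445
20,allow,in,tcp,any,80;443
30,allow,in,tcp,0.0.0.0/0,135-139
40,deny,in,tcp,any,445
50,allow,in,tcp,203.0.113.0/24,445
60,allow,in,any,any,1-65535
"""

def parse_ports(spec):
    """Expand '80;443' or '135-139' into a set of port numbers."""
    ports = set()
    for part in spec.split(";"):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def is_internet_source(src):
    """True unless the source lies entirely inside an internal range."""
    if src == "any":
        return True
    net = ipaddress.ip_network(src, strict=False)
    return not any(net.subnet_of(i) for i in INTERNAL)

def exposed_smb_rules(text):
    """Return (rule order, port) pairs where an inbound allow rule exposes an
    SMB port to Internet sources before a catch-all deny closes that port."""
    rules = sorted(csv.DictReader(io.StringIO(text)), key=lambda r: int(r["order"]))
    findings, closed = [], set()
    for r in rules:
        if r["direction"] != "in" or r["protocol"] not in ("tcp", "any"):
            continue
        smb = parse_ports(r["dest_ports"]) & SMB_PORTS
        if r["action"] == "deny":
            if r["source"] in ("any", "0.0.0.0/0"):
                closed |= smb  # later rules can no longer match these ports
        elif is_internet_source(r["source"]):
            findings += [(int(r["order"]), p) for p in sorted(smb - closed)]
    return findings
```

On the sample ruleset, `exposed_smb_rules(SAMPLE_RULES)` flags rules 30 and 60 for port 139: the deny in rule 40 closes only port 445, so the port range in rule 30 and the allow-all in rule 60 still leave 139 open.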