Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
AS the Wannacry ransomware attack evolves . cybercriminals are going to target users who are likely to pay them. Do you agree ?
Harden the perimeter security. IPS, APT solutions etc..
We must patch all the Microsoft infrastructure.
make sure all vulnerable ports are closed from internet or DMZ
the best solution to avoid malware attacks such as wanna cry is dont download any unsecured softwares from freeware sites and check before downloading emails and messages, used to keep backup for every important documents to an external drives is also a best option.
cybercrimals are going to targers the user who are likely to pay them I agree, but it doesnot mean others are secure.. they can attack anyone.
Hi All,
Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
What is Ransomeware:External blue is the Microsoft vulnerability that is exploited by the attacker called as WannaCry. Experts found that the code has Kill switch in it and it has spread widely across the country.
Basic steps to prevent from Ransomware :Update the patch’s, Make sure your anti-virus as be updated, take backups. Do not click on links and URLS which is compromised. Scan your laptop for regular basis and whenever you plug some external device kindly do not forget to scan it! Every 2nd tuesday of a month microsoft relases a Security patch.
With all the basic security controls that most of the companies have , following protection measures against wannacry or any similar malware could be helpful
1- Limit Client to Client , client to server and server to server communication
2- Change default ports for services like SMB , RDP etc… where possible
3- Patching windows and third-party applications in an automated way
4- Application whitelisting via Windows Applocker or alternative
5- Microsoft EMET
6- DNS Security (Cisco Open DNS , Infoblox DNS Security)
7- Advanced Endpoint Malware protection (Fireeye HX , Palo Alto Traps, Cisco AMP , McAfee ATD )
8- User Awareness about possible phishing emails , Malicious links and downloads
9- Blocking and reviewing macros based documents on the Email Gateway , Web Gateway & Windows office suites
- HIPS for Servers & Endpoints
- Blocking common protocols used for Data exfiltration in the outbound direction (SMB , FTP , VPN, TOR, SMTP, DNS)
- Web Application Security and Pen Testing
- Vulnerability Assessment and Remediation
- Adding NGFWs