
Methods of protection and recommendations from threats and dangers of a Ransomware virus

14 May

I would like to inform you that there are warnings about risks to our servers and computers, based on statements published today on more than one website (Microsoft, NCSC, etc.) about the emergence of a ransomware virus.

This virus has attacked many PCs and servers all over the world, which is why we need to do the things below as soon as possible.

 


  • Conduct full DB patching this Sunday for all DB servers
  • Update all of the servers in our organization with this update (Microsoft Security Bulletin MS17-010 – Critical): https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • Close these ports on all of the servers (135, 139, 145)
  • Close TCP 3389, TCP 445, TCP 135 and TCP 139 on all desktop machines, including ours
  • Disable SMBv1. For customers running Windows Vista and later, see Microsoft Knowledge Base Article 2696547. An alternative method is available for customers running Windows 8.1 or Windows Server 2012 R2 and later:
  • For client operating systems: Open Control Panel, click Programs, and then click Turn Windows features on or off. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. Restart the system.
  • For server operating systems: Open Server Manager, click the Manage menu, and select Remove Roles and Features. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. Restart the system.
  • SMB should be disabled if not required for business use.
  • Use of the MS17-010 vulnerability has been confirmed, and it should be patched.
  • All SMB-related patches should be applied to servers as soon as practical.
  • Any Microsoft updates that haven’t been applied to servers should be applied as soon as possible.
  • A notice about this attack should be sent to all users, together with a reminder about clicking links or opening files in emails from suspicious or unknown sources.
  • Review current backup policies and procedures and be prepared to perform a restore in case of infection – it is never a good idea to pay the ransom in a ransomware attack if at all avoidable.
  • Disable default user accounts
  • Educate users to avoid following links to untrusted sites
  • Always execute browsing software with least privileges possible
  • Turn on Data Execution Prevention (DEP) for systems that support it
  • Maintain a regular patch and update cycle for OS and installed software
  • For additional details, please see: http://technet.microsoft.com/en-us/library/dd277328.aspx
  • Exchange Online Advanced Threat Protection Service Description: https://technet.microsoft.com/en-us/library/exchange-online-advanced-threat-protection-service-description.aspx
  • Check Symantec's Emerging Threat report: Global Outbreak of WannaCry Ransomware (ETR-2017-C020)
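
The SMBv1 and port-closing steps in the list above can be checked, and optionally applied, from PowerShell. The script below is an added example, not part of the original post; it assumes Windows 8.1 / Windows Server 2012 R2 or later, and the `-Remediate` switch and the firewall rule name are hypothetical names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally apply) the SMBv1 and port steps from the list above.
# Assumes Windows 8.1 / Server 2012 R2 or later, where these built-in cmdlets exist.
param(
    [switch]$Remediate,                       # hypothetical switch: without it the script only reports
    [int[]]$Ports = @(135, 139, 445, 3389)    # the TCP ports the post lists for desktop machines
)

# 1. Is the SMB server still willing to negotiate SMBv1?
$smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is "SMB1.0/CIFS File Sharing Support" installed? (the same item as the GUI check box)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

# 3. Which of the listed ports are listening locally, and which process owns them?
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess -Unique

# Emit one report object per machine so results can be collected and compared.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $smb1Server
    Smb1FeatureState  = if ($feature) { $feature.State } else { 'Unknown' }
    ListeningPorts    = ($listening.LocalPort | Sort-Object -Unique) -join ','
}

if ($Remediate) {
    # Stop the SMB server from accepting SMBv1 right away.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the feature itself; this completes after the restart the post mentions.
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Block inbound connections to the listed ports. The rule name is a constructed example value.
    $ruleName = 'Block-SMB-RPC-RDP-Inbound (example)'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $Ports -Action Block -Profile Any | Out-Null
    }
}
```

Run it without `-Remediate` first to see the current state. On a machine that is managed over RDP or that must serve file shares, the block rule cuts those services off, so narrow `-Ports` there before remediating.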

 

For more information about this ransomware virus and its spread, as reported by the largest websites and the Microsoft site, and about what is already happening at some facilities, please check the images and links below.

 

Posted by on May 14, 2017 in General topics
