I would like to inform you that there are warnings about risks to our servers and computers, based on statements published today on more than one website and by Microsoft, NCSC, etc., regarding the emergence of a ransomware virus.
This virus has attacked many PCs and servers all over the world, which is why we need to do the following as soon as possible:
- Conduct full DB patching this Sunday for all DB servers
- Update all of the servers in our organization with this update (Microsoft Security Bulletin MS17-010 – Critical) https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Close these ports on all of the servers (135, 139, 145)
- Close TCP 3389, TCP 445, TCP 135 and TCP 139 on all desktop machines, including ours
- Disable SMBv1. For customers running Windows Vista and later, see Microsoft Knowledge Base Article 2696547. An alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later:
- For client operating systems: Open Control Panel, click Programs, and then click Turn Windows features on or off. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window. Restart the system.
- For server operating systems: Open Server Manager and then click the Manage menu and select Remove Roles and Features. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. Restart the system.
- SMB should be disabled if not required for business use.
- MS17-010 use has been confirmed, and that vulnerability should be patched
- All SMB-related patches should be applied to servers as soon as practical.
- Any Microsoft updates that haven’t been applied to servers should be applied as soon as possible.
- A notice about this attack should be sent to all users, together with a reminder about clicking links or opening files in emails from suspicious or unknown sources.
- Review current backup policies and procedures and be prepared to perform a restore in case of infection – it is never a good idea to pay the ransom in a ransomware attack if at all avoidable.
- Disable default user accounts
- Educate users to avoid following links to untrusted sites
- Always execute browsing software with least privileges possible
- Turn on Data Execution Prevention (DEP) for systems that support it
- Maintain a regular patch and update cycle for OS and installed software
- For additional details, please reference: http://technet.microsoft.com/en-us/library/dd277328.aspx
- Exchange Online Advanced Threat Protection Service Description https://technet.microsoft.com/en-us/library/exchange-online-advanced-threat-protection-service-description.aspx
- Check the Symantec Emerging Threat report: Global Outbreak of WannaCry Ransomware (ETR-2017-C020)
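The SMBv1 and port items in the list above can be audited and applied from PowerShell instead of the Control Panel or Server Manager. This is an added example, not part of the original post; it assumes an elevated session on Windows 8.1 / Windows Server 2012 R2 or later, uses the desktop port list given above, and the function names and firewall rule name are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: function names and the firewall rule name are hypothetical.

# TCP ports the list above asks to close on desktop machines.
$PortsToClose = 3389, 445, 135, 139

function Get-Smb1Exposure {
    # Report the SMBv1 state and which of the listed ports are listening locally.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $listening = Get-NetTCPConnection -State Listen -LocalPort $PortsToClose -ErrorAction SilentlyContinue |
        ForEach-Object LocalPort | Sort-Object -Unique
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        ListeningPorts    = @($listening)
    }
}

function Disable-Smb1AndClosePorts {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$RuleName = 'Block inbound TCP 135,139,445,3389')

    # Stop the SMB server from accepting SMBv1 sessions.
    if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1 protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Remove the SMB1.0/CIFS feature, the same change as clearing the checkbox.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess('SMB1Protocol', 'Disable optional feature')) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    # Create the inbound block rule once; re-running the function does not duplicate it.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) -and
        $PSCmdlet.ShouldProcess($RuleName, 'Create inbound block rule')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort $PortsToClose -Action Block -Profile Any | Out-Null
    }
}

Get-Smb1Exposure                    # audit first
Disable-Smb1AndClosePorts -WhatIf   # preview only; drop -WhatIf to apply, then restart
```

The block rule includes TCP 3389, so applying it over a Remote Desktop session will cut that session off; run it from the console or through management tooling that does not depend on the blocked ports.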
For more information about this ransomware virus, its spread as covered by the largest websites and the Microsoft site, and what is already happening at some facilities, please check the images and links below:
- Online map showing the target state in this attack https://intel.malwaretech.com/WannaCrypt.html
- Wanna Cry Ransomware Quick Analysis http://malwarenailed.blogspot.com/2017/05/wanna-cry-quick-analysis.html?m=1
- Customer Guidance for WannaCrypt attacks https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/?utm_source=windows-noob.com
- The center has observed the spread of a ransomware virus targeting Windows systems, and advises taking the following actions quickly https://twitter.com/NCSC_SA/status/863129986877857793?s=08
- “Unprecedented” “ransomware” attacks target organizations around the world http://www.bbc.com/arabic/science-and-tech-39898521
- If You Have Windows, Update It Right Now To Keep This Massive Hack Out https://www.buzzfeed.com/sheerafrenkel/the-biggest-ransomeware-attack-in-history-is-hitting?utm_term=.nd3Jq97rr#.cpnn7W0rr
- WannaCry ransomware used in widespread attacks all over the world https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
- What you need to know about the WannaCry Ransomware https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
- Microsoft patches Windows XP to fight the WannaCrypt ransomware attacks https://betanews.com/2017/05/13/microsoft-patches-windows-xp-to-fight-wannacrypt-ransomware-attacks/
- WHAT IS RANSOMWARE? COMPUTERS AROUND THE WORLD INFECTED BY MALWARE DEMANDING MONEY http://www.newsweek.com/ransomware-computer-malware-infected-demand-money-608701
- Microsoft releases #WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: https://twitter.com/microsoft/status/863286567137402880
One thought on “Methods of protection and recommendations from threats and dangers of a Ransomware virus”
Wow, this is some kind of new virus …? Thanks for the helpful tips on protecting from the virus.