Follow on Google News News By Tag Industry News News By Location Country(s) Industry News
Follow on Google News | Wannacrypt Ransomware – An Action Plan to Improve your Cyber Resilience DefensesA Blog by Steven Malone, Director of Security Product Management at Mimecast designed to help all organizations complete a review of network security, backup and business continuity systems and processes.
By: Mimecast At Mimecast our first priority is to help protect our customers against the latest threats. Our services help protect email which has traditionally been the primary attack route for ransomware. Early samples have revealed that the ransomware is spread over local networks and the internet by abusing Server Message Block (SMB) protocol weaknesses. Although no Wcry 'smoking gun' infection emails have yet been found, it is highly likely that future variants will use email. This short guide is designed to help all organizations complete a review of network security, backup and business continuity systems and processes. We are also providing additional insights into how to make easy and quick configuration changes to ensure your Targeted Threat Protection solution is optimized. As many of you already know, a comprehensive "defense in depth" strategy is the best approach to mitigation of current and future variants of Wcry and other ransomware. Patching Every organization must ensure its IT systems are regularly updated. Microsoft security updates are released on the second Tuesday of each month (Patch Tuesday). Microsoft released a security update back in March which addresses the vulnerability that Wcry is exploiting. For those organizations who have not yet applied the security update, you should immediately deploy Microsoft Security Bulletin MS17-010 (https://technet.microsoft.com/ If you are using a legacy, now unsupported version of Windows, you should consider upgrading immediately. However, if this is impossible in the short term, Microsoft has taken the unusual measure of releasing a security patch (http://catalog.update.microsoft.com/ Microsoft has provided its own detailed guidance to defend against Wcry here. (https://blogs.technet.microsoft.com/ Network hardening Good security practice dictates removing or disabling unnecessary services to reduce the potential attack surface. WannaCry has spread quickly by abusing vulnerabilities in Server Message Block network protocol. Unless you have a very good reason not to, disable the SMBv1 protocol on your network (https://support.microsoft.com/ Disable or block other legacy protocols on your network that you are not using. Email security: Mimecast's Ransomware Defense For customers of Mimecast Targeted Threat Protection, we advise a number of activities: URL Protect - configure a policy in line with our best practice guide (https://community.mimecast.com/ Attachment Protect – configure the "Safe Files" option for all users to ensure inbound Microsoft Office files are converted to a safe and benign format. For users who require editable documents, ensure Attachment Protect's sandboxing is configured. Refer to the best practice guide (https://community.mimecast.com/ Internal Email Protect – this service provides protection for URLs and attachments in both outbound email and also mails sent internally. Ensure policies are applied to all users and ensure remediation capabilities are enabled. Refer to our best practice guide (https://community.mimecast.com/ Mimecast customers using Mimecast's secure email gateway, we advise using the most up to date attachment management definition (https://community.mimecast.com/ Mimecast's ARMed SMTP (https://community.mimecast.com/ Since a very high percentage of ransomware is spread by email attachments, we urge organizations to consider using sandboxing and/or safe file conversion services. DNS authentication capabilities such as DKIM (https://en.wikipedia.org/ To learn more about Mimecast's DMARC implementation and DNS Authentication policies please check out this document (https://community.mimecast.com/ Data backups and business continuity Preventive measures alone can't keep up with the fast-evolving nature of ransomware attacks and as this attack highlights, there are many ways for an infection to enter an organization. It's vital you regularly backup critical data and ensure that ransomware cannot spread to backup files. Ransomware can take time to encrypt large volumes of files, particularly across a network share. It is imperative to ensure your back-up window is long enough to go back before any infection begins. Backup & recovery measures only work after an attack, and cost organizations in downtime and IT resources dealing with the attack and aftermath. Organizations must be able to continue to operate during the infection period and recover quickly once the infection has been removed. Should firms ever pay a ransom? We advise organizations never to succumb to the pressure to pay the ransom to regain access to their applications and data. There is no guarantee this will unlock files and further motivates and finances attackers to expand their ransomware campaigns. End
|
| |||||||||||||||||||||||||||||||||||||||||||||||
Account Phone Number