WHICH TYPE OF INTERNET CONNECTION IS RIGHT FOR YOU AND WHAT IS AVAILABLE AT YOUR PLACE?
July 21, 2017

URGENT MEASURES: AGAINST RANSOMWARE ATTACK

This alert is to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. Over the weekend you may have read in the news about it which used a leaked NSA cyberweapon to spread itself to computers all over the world. You any have also read that the first instance of this virus was slowed and almost stopped by a Cyber Security expert who had managed to find a Kill Switch inside the virus’s code. What you may not be aware of is that there is now a second instance of this virus spreading without a Kill switch.
http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11856205

What you can do now yourself as emergency measures:

1. Patch – Refer to the MS https://technet.microsoft.com/en-us/library/security/ms17-010.aspx Confirm the environment is patched across all affected MS systems.
2. Update AV: check the latest updates are in place.
3. Security Awareness: Alert staff – don’t click on suspicious emails from people you don’t know or with strange/unexpected subject lines.
4. Email gateway: Ensure all email attachments with .exe, .bat and more specific filenames as listed below are at least temporarily blocked.
5. File Names:

  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe.lnk
  • Please Read Me!.txt (Older variant)
  • C:\WINDOWS\qeriuwjhrf
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • pky
  • eky
  • res

Long Term Approach: To protect your IT Network against such attach we need multiple layer of security i.e.

1. Update Backup: Please ensure you have adequate backups of your data – especially shared drives!

2. Network Layer: Install Firewall with strict policies which will not let any unwanted access to enter our network.

3. Server End-user: AV which has Anti-Malware, Ransomware, Rootkit capabilities + Ensure users are aware not to open E-mail with .exe , .bat extension we can all push such policies if we have AD. And they have latest update of Windows.

4. Backup: After implementing above security process still there are chances we can be hit by Ransomware, In such scenario Backup is the only last resort where we format the computer and replace with the data backup.

If you have any queries or need help, then reach us straight away on 09 950 3244