WANNACRY: What to do if your users are infected, may be infected or are not yet infected

May 15, 2017 | IT Services, Security-GRC

A massive ransomware attack is making its way across the globe and has hit businesses and individuals in more than 150 countries so far. We’ll give you action steps no matter your status.

But first, here’s what happened: The WannaCry strain of ransomware set out to target Microsoft hosts running version 1 of the Server Message Block file sharing protocol (SMBv1). It exploited a known vulnerability that Microsoft issued a patch for in March 2017. If you haven’t updated your Windows server, desktop or laptop with the March patch, you could fall victim to the attack. The most common targets seem to be banks, hospitals, utility companies and telecom companies. The malware demands a $300 payment and claims the machine will be released once it is paid. This malware continues to spread because many companies do not use anti-malware or do not have a solid patch management process.

So, if you were one of the 45,000 businesses infected

If the ransomware is already on your system, it is too late for that patch to be effective now. Just because you haven’t seen a ransomware message doesn’t mean it’s not already on your machine.

We recommend deploying the Malwarebytes detection and remediation solution immediately. Malwarebytes already has proactive protection built into its product for this event.

You may be infected

  1. Make sure to deploy the MS17-010 patch introduced by Microsoft in March. This patch is rated critical and can address the vulnerabilities by correcting how SMBv1 handles specially crafted requests.
  2. Working on legacy platforms? Make sure you deploy this patch too!
  3. To put the cherry on top – explore Malwarebytes. You can contact us at 216-255-3040 to get priority setup. Malwarebytes’ signature-less anti-exploit technology blocks the infection vector, while its anti-malware technology blocks the payload pre-execution.
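
A local check to go with step 1, as an added example that is not part of the original post: it reports whether the SMBv1 server is enabled on a host and whether an MS17-010 hotfix is recorded as installed. The function names and the `KB0000000` placeholder are assumptions; supply the KB IDs that Microsoft's MS17-010 bulletin lists for your OS version.

```powershell
# Added example (not from the original post): report whether the SMBv1 server is
# enabled on this host and whether an MS17-010 hotfix is recorded as installed.
param(
    # Assumption: replace the placeholder with the KB IDs that Microsoft's MS17-010
    # bulletin lists for this OS version. 'KB0000000' is not a real KB number.
    [string[]]$Ms17010Kbs = @('KB0000000')
)

function Get-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: the SMBv1 server is on unless the SMB1 registry value is 0.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $smb1 -or $smb1 -ne 0)
}

function Get-Ms17010Status {
    param([string[]]$KbIds)
    # Get-HotFix matches updates by their own KB ID, so a later cumulative update
    # that already contains the fix will not match the March KB IDs.
    $found = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)
    $smb1  = Get-Smb1ServerEnabled
    $assessment = if ($found.Count -gt 0) {
        'MS17-010 hotfix recorded'
    } elseif ($smb1) {
        'No matching KB and SMBv1 server enabled: verify patch level first'
    } else {
        'No matching KB, SMBv1 server disabled: verify patch level'
    }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1
        MatchingKbs       = ($found | ForEach-Object { $_.HotFixID }) -join ','
        Assessment        = $assessment
    }
}

Get-Ms17010Status -KbIds $Ms17010Kbs | Format-List
```

Run it in an elevated PowerShell session. A result with no matching KB means the patch level still has to be confirmed, not that the host is unpatched.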

You believe you’re not infected

It’s a good reminder to take a step back and examine why. If you do not have a rigorous patch schedule and a proactive approach to security, you may have been lucky. Many businesses, from Fortune 500 enterprises to smaller businesses, do not have the bandwidth to keep patches updated regularly.

If you don’t have the bandwidth, expertise and tools deployed in house, you might consider engaging managed IT or security services to help. Of course, ASMGi performs this function for many clients with our 24×7 ONEteam support desk.

We’re experts in security, vulnerability management, malware remediation and prevention, and managed IT services.

Here’s how we’ve been able to help our clients:

  • Managed IT Services – ASMGi can do the critical patch updates for you as well as any other IT necessities that maybe you and your team don’t have time to get to.
  • Managed Security Services – We’re there for you whether you need help getting a plan together or need help remediating a problem. It’s kind of our M.O.
  • The right tools for YOUR company – We’re platform neutral but we’ve partnered with the leaders in the security space in order to protect the companies we work with the best that we know how.

Don’t let this attack get you down. Give us a call (216-255-3040) or e-mail; we’d be happy to share our expertise.
