Technical WannaCry Ransomware Protection Tips

May 15, 2017

Practical steps you can take right now against the WannaCry ransomware that is hitting systems across the globe.

 

Disable (or remove entirely) SMBv1 on all systems, whether public facing or internal. WannaCry spreads by exploiting SMBv1, so a host with SMBv1 off cannot be hit by the worm even if it has missed the patch. Test first: some legacy devices (old NAS appliances, printers and scanners) still depend on SMBv1.

Disable via PowerShell:

 

 

On Windows 8 / Server 2012 and later: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

On Windows 7 / Server 2008 R2 and earlier (no SMB cmdlets; takes effect after a reboot): Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 0 -Force

 

Disable via Registry Edit (the same value the PowerShell one-liner sets; reboot afterwards):

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1
REG_DWORD: 0 = Disabled (1 or absent = Enabled)

 

Remove SMBv1 on Windows Server 2012 R2 and later (via PowerShell): Remove-WindowsFeature -Name FS-SMB1

Disable SMBv1 on Windows 8.1 and 10 clients (via PowerShell): Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Both of these uninstall the SMBv1 feature rather than just switching the protocol off, which is the preferred end state; a restart completes the change.
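The SMBv1 steps above combined into one script, as an added example that is not from the original post. It picks the method that fits the OS version, uninstalls the feature where the OS allows it, and then verifies the result; it avoids PowerShell 3+ only features so it also runs on a stock Windows 7 box. Nothing in it is assumed beyond the cmdlets and registry value already named in the post.

```powershell
# Added example (not from the original post): disable SMBv1 with the method that
# fits the OS version, remove the feature where the OS allows it, then verify.
# Run from an elevated PowerShell session; the registry path needs a reboot.

$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

$os       = Get-WmiObject -Class Win32_OperatingSystem   # works on PowerShell 2.0 (Windows 7) too
$version  = [version]$os.Version                         # 6.1 = Win7/2008 R2, 6.2+ = Win8/2012 and later
$isServer = $os.ProductType -ne 1                        # 1 = workstation, 2 = domain controller, 3 = server
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

if ($version -ge [version]'6.2') {
    # Windows 8 / Server 2012 and later: the SmbShare cmdlets are available.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Also uninstall the SMBv1 feature so the protocol cannot be switched back on by accident.
    if ($isServer) {
        # FS-SMB1 exists on Server 2012 R2 and later; on plain 2012 the lookup returns nothing.
        $feature = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
        if ($feature -and $feature.Installed) { Remove-WindowsFeature -Name FS-SMB1 | Out-Null }
    } else {
        # SMB1Protocol is the optional feature on Windows 8.1 / 10 clients.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
} else {
    # Windows 7 / Server 2008 R2 and earlier: no SMB cmdlets, so set the registry value the
    # server service reads at startup. Reboot (or restart LanmanServer) afterwards.
    Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
}

# Verify. Each line should report SMB1 off or absent; anything else means the change did not apply.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    "EnableSMB1Protocol : $((Get-SmbServerConfiguration).EnableSMB1Protocol)"   # expect False
}
$reg = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
if ($reg) { "Registry SMB1       : $($reg.SMB1)" }                               # expect 0
else      { "Registry SMB1       : not set (SMBv1 enabled by default on this OS)" }
```

Run it once per host (or push it through your management tooling), reboot the Windows 7 / 2008 R2 machines, and keep the verification output as evidence of the change.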

 

Verify that ports 139 and 445 (SMB) are closed on the perimeter firewall, both inbound and outbound. Inbound is how unpatched hosts get hit from the Internet; outbound SMB to the Internet has no legitimate use in most organizations and only helps the worm spread further.

 

Do not expose Remote Desktop at the perimeter. Verify that port 3389 is closed on the firewall to all internal and DMZ systems.

Verify that RDP (3389) is also closed from endpoint PCs to your servers.
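The port advice in the last three tips enforced on the endpoints themselves with the Windows Firewall, as an added example that is not from the original post. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 and later) and an elevated session; the server subnet and the hostname in the final check are placeholders you replace with your own.

```powershell
# Added example (not from the original post): host-firewall rules that block SMB and
# RDP on endpoint PCs, plus a check that they are in force. Elevated session required.
# '10.0.10.0/24' and 'ws-example' are placeholders, not values from the post.

$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

$serverSubnet = '10.0.10.0/24'   # assumed: the subnet your servers live in

# 1. Workstations normally never need to ACCEPT SMB or RDP from the network. Blocking
#    inbound 139/445/3389 stops worm-style spread between endpoints even on a host that
#    missed the patch. Block rules win over the built-in File and Printer Sharing allow rules.
#    If you manage endpoints over SMB (PsExec, SCCM push), add -RemoteAddress with your
#    management hosts excluded instead of blocking everything.
foreach ($port in 139, 445, 3389) {
    $name = "Block-Inbound-TCP-$port"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort $port -Profile Any | Out-Null
    }
}

# 2. Endpoints should not open RDP sessions to servers directly.
#    Do NOT add the same outbound block for 445 on domain-joined clients without excluding
#    your domain controllers and file servers: Group Policy, SYSVOL and logon scripts
#    are delivered over SMB and would break.
$name = 'Block-Outbound-RDP-To-Servers'
if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort 3389 -RemoteAddress $serverSubnet -Profile Any | Out-Null
}

# 3. Verify the rules exist and are enabled.
Get-NetFirewallRule -DisplayName 'Block-Inbound-TCP-*', 'Block-Outbound-RDP-To-Servers' |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize

# 4. Verify from a second PC: a TCP connect to 445 on the hardened host must now fail.
#    Test-NetConnection -ComputerName ws-example -Port 445    # expect TcpTestSucceeded : False
```

Deploy the same rules through Group Policy rather than by hand once you have confirmed on a pilot group that nothing you rely on (backup agents, remote support, software deployment) was using inbound SMB to workstations.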

 

 

Strongly consider stripping macros from your incoming email. Macro-enabled attachments are a serious attack vector (be prepared for some user pushback). Macros are arguably more dangerous than malicious links, in a sense, because when a user clicks Enable Content we are effectively allowing the malware to run inside our network.

 

Verify that all systems, endpoints and servers alike, are fully patched, both the OS and third-party applications.

Microsoft released a patch for the SMBv1 vulnerability WannaCry exploits back on March 14, 2017: security bulletin MS17-010, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396. Any host that has not taken that update (or a later cumulative update that supersedes it) is exploitable. Incredibly, Microsoft also issued a rare out-of-band patch for Windows XP for this same exploit, even though Windows XP is out of support. If you have any Windows XP systems, patch them as well!
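An added check (not from the original post) for whether a host has the MS17-010 fix installed. The KB numbers in the list are the per-OS identifiers I recall from the MS17-010 bulletin linked above; treat that list as an assumption and verify it against the bulletin before relying on the script, since it is what the check depends on. The script also deals with the two ways this check goes wrong in practice: a host on PowerShell 2.0, and a Windows 10 host where a later cumulative update hides the original KB.

```powershell
# Added example (not from the original post): report whether this host carries the
# MS17-010 fix. The KB list is an assumption to be verified against the bulletin.
# Written to run on PowerShell 2.0 as well (no -in operator, no Get-CimInstance).

$ms17010Kbs = @(
    'KB4012598',                          # XP / Server 2003 / Vista / Server 2008 / Windows 8 (out-of-band)
    'KB4012212', 'KB4012215',             # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012214', 'KB4012217',             # Windows Server 2012
    'KB4012213', 'KB4012216',             # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429' # Windows 10 1507 / 1511 / 1607 cumulative updates
)

$os      = Get-WmiObject -Class Win32_OperatingSystem
$hotfixes = Get-HotFix
$found   = $hotfixes | Where-Object { $ms17010Kbs -contains $_.HotFixID }

# Newest update on the box, useful when the original KB has been superseded.
$newest = $hotfixes | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1

"Host     : $env:COMPUTERNAME"
"OS       : $($os.Caption) (build $($os.BuildNumber))"
if ($newest) { "Newest   : $($newest.HotFixID) installed $($newest.InstalledOn.ToShortDateString())" }

if ($found) {
    $ids = ($found | ForEach-Object { $_.HotFixID }) -join ', '
    "MS17-010 : PRESENT ($ids)"
} elseif ([version]$os.Version -ge [version]'10.0') {
    # Windows 10 / Server 2016 take cumulative updates; once a later one is installed the
    # March 2017 KB no longer shows up, so judge by the date of the newest update instead.
    "MS17-010 : no March 2017 KB listed; cumulative OS. Any cumulative update from March 2017"
    "           or later contains the fix, so check the 'Newest' line above against that date."
} else {
    "MS17-010 : MISSING. Treat this host as exploitable until the bulletin's KB for this OS is installed."
}
```

Run it against the whole estate (Invoke-Command, or your management tooling) and feed anything reporting MISSING into the patch queue first; a host that is also still running SMBv1 is the one to fix today.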

 

Verify that anti-virus is fully up to date, engine and signatures alike, on every endpoint and server.

 

 

Follow the 3-2-1-1 backup rule. The traditional 3-2-1 backup rule should be our foundation. The best options add another -1 to that ruleset for offline backups, because ransomware encrypts every share and mapped drive it can reach, and a copy that stays online and writable is no protection against it. So the rule reads: 3 copies of your data, on 2 different media, with 1 offsite, and 1 offline.

 

 

Verify that your spam filter or email security gateway does URL filtering, and that it is enabled.

Use some type of end-user security awareness training program, KnowBe4 for example.

Begin filtering outgoing traffic as strictly as you filter incoming traffic. Egress filtering limits what an infected host can reach, including the outbound SMB and RDP connections covered above.
