Effective tips that you can use to fight the scourge that is hitting systems across the globe right now.
Disable (or remove entirely) SMBv1 on all systems, whether public facing or internal.
Disable via PowerShell:
On Server 2012 and up: Set-SmbServerConfiguration -EnableSMB1Protocol $false
On Server 2008 R2 and below: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Disable via Registry Edit:
Configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
Remove SMBv1 on Windows Server (via PowerShell): Remove-WindowsFeature -Name FS-SMB1
Disable SMBv1 on Windows Clients (via PowerShell): Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Verify that ports 139 and 445 (SMB) are closed on the firewall/perimeter, both incoming and outgoing!
Disable Remote Desktop on perimeter. Verify port 3389 is closed on firewall to all internal/DMZ systems.
Verify that RDP 3389 is closed from endpoint PCs to your servers.
Strongly consider stripping macros from your incoming email. Macros (dynamic attachments) are a serious vulnerability. (Be prepared for some user pushback. Macros are arguably more dangerous than malicious links, in a sense, because we are effectively allowing malware into our networks.)
Verify that all systems, both endpoints and servers, are fully patched, including the OS and third-party apps.
Microsoft released a patch for this vulnerability back on March 14. It is update "MS17-010": https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396 Incredibly, Microsoft also issued a rare out-of-band patch for Windows XP for this same exploit. Windows XP is of course out of support. If you have any Windows XP systems, patch them as well!
Verify Anti-Virus is fully up to date.
Follow the 3-2-1-1 backup rule. The traditional 3-2-1 backup rule should be our foundation. The best options have added another -1 to that ruleset for Offline Backups. So the rule reads: 3 copies of your data, on 2 different media, with 1 offsite, and 1 offline.
Verify your spam firewall does URL filtering, and that it’s enabled.
Use some type of end-user security awareness training program, like KnowBe4.
Begin to filter outgoing traffic similarly to how you filter incoming traffic.
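The SMBv1 settings and the SMB/RDP ports named in the tips above can be checked on each system with a read-only script. This is an added example, not part of the original tips; the function name Get-Smb1AuditReport and the report field names are made up for illustration, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example (not from the original page): read-only audit of the SMBv1
# settings and ports named in the tips. Get-Smb1AuditReport and the report
# field names are hypothetical. Run elevated, PowerShell 3.0 or later.
function Get-Smb1AuditReport {
    $report = [ordered]@{}

    # Server 2012 and up: value changed by Set-SmbServerConfiguration
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $report['SmbServerConfig'] = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # Registry entry SMB1 (0 = disabled); a missing entry means the OS default applies
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $report['RegistrySMB1'] = if ($null -eq $reg) { 'not set' } else { $reg.SMB1 }

    # Windows clients: state of the SMB1Protocol optional feature
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat) { $report['OptionalFeature'] = "$($feat.State)" }

    # Windows Server: whether the FS-SMB1 feature is still installed
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $wf = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
        if ($wf) { $report['FeatureInstalled'] = $wf.Installed }
    }

    # Local listeners on SMB (139, 445) and RDP (3389)
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $ports = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
            Where-Object { $_.LocalPort -in 139, 445, 3389 } |
            Select-Object -ExpandProperty LocalPort -Unique | Sort-Object
        $report['ListeningPorts'] = $ports -join ', '
    }

    # Any single positive finding means SMBv1 is still available on this host
    $report['Smb1StillEnabled'] = ($report['SmbServerConfig'] -eq $true) -or
        ($report['RegistrySMB1'] -eq 1) -or
        ($report['OptionalFeature'] -eq 'Enabled') -or
        ($report['FeatureInstalled'] -eq $true)

    [pscustomobject]$report
}

Get-Smb1AuditReport | Format-List
```

A listener on 445 is expected wherever file sharing over SMBv2 or later is in use; the perimeter and endpoint-to-server port checks in the tips still have to be made at the firewall.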