Over the last few days, Warpcom has been receiving several requests for information and recommendations on the recent ransomware attack, to which we are responding on an individual basis, even though we consider that this kind of information should be shared with all of our clients.
Ransomware attacks, that is, attacks that encrypt data and are followed by blackmail for data recovery and by information theft, have gained significant relevance following a recent massive attack, which occurred on 12 May.
Such attacks, usually smaller in scale and less widespread, occur frequently, every day around the globe, and have also affected several entities in Portugal. Particularly vulnerable entities share several common features, namely:
- They still use operating systems that are not supported by manufacturers, such as Windows XP, Windows 8, Windows 2003;
- They use supported operating systems, but which are not updated with the most recent patches;
- They do not have a multi-level perimeter/data centre security system;
- They do not have an active backup policy, both on and off the network;
- They do not have an active vulnerability detection policy within the communication and system infrastructure;
- They do not have an endpoint protection solution (anti-virus/antimalware program).
As a preventive measure and good practice, in addition to adopting the identified measures and ransomware prevention software, we recommend that all users act cautiously and responsibly, as follows:
- Block protected or encrypted attachments;
- Avoid opening emails from unknown people;
- Be careful when clicking on potentially harmful links within the emails;
- Do not trust unsafe or untrusted websites;
- Do not trust emails where people use names similar to common services, such as PayPal, CTT, financial institutions or other distribution companies, emails with excessive characters or emails you don’t expect;
- Do not click a link you don’t trust, whether in a website, Facebook or in messaging applications;
- If you receive a message containing links from a known source, always confirm who the sender is before opening the link;
- Use a well-known anti-virus program and make sure to run the latest update.
Links that provide relevant information in relation to the recent occurrence:
Technical information on WannaCry
http://blog.talosintelligence.com/2017/05/wannacry.html
IPS signatures
Microsoft Windows EternalBlue SMB Remote Code Execution
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0145)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0147)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148
Affected Operating Systems Update
Source: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Download security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Warpcom, with its vast experience and know-how in the design and implementation of information and communication technology solutions and offering a full range of solutions and services within the cyber security domain, supported by worldwide reference technological partnerships, is available to analyse the specificities of each one of its clients in order to be able to create a solution adapted to each challenge.
Do not hesitate to contact us should you have any queries.
Manuel Mira
Operations Director