Ransomware

22 May, 2017 Gonçalo Alberto

Over the last few days, Warpcom has been receiving several requests for information and recommendations on the recent Ransomware attack, to which we are responding on an individual basis, even though we consider that this kind of information should be shared with all of our clients.

Ransomware attacks, in which data is encrypted and the victim is then blackmailed for its recovery, along with information theft, have gained significant prominence following a recent massive attack on 12 May.

Such attacks, usually smaller in scale and less widespread, occur frequently, every day around the globe, and have also affected several entities in Portugal.

Particularly vulnerable entities share several common features, namely:

  • They still use operating systems that are no longer supported by their manufacturers, such as Windows XP, Windows 8 and Windows 2003;
  • They use supported operating systems that have not been updated with the most recent patches;
  • They do not have a multi-level security system at the perimeter/data centre;
  • They do not have an active backup policy, both on and off the network;
  • They do not have an active vulnerability detection policy for the communication and system infrastructure;
  • They do not have an endpoint protection solution (anti-virus/antimalware program).

As a preventive measure and good practice, in addition to adopting the measures identified above and ransomware prevention software, we recommend that all users exercise caution and responsibility, as follows:

  • Block protected or encrypted attachments;
  • Avoid opening emails from unknown people;
  • Be careful when clicking on potentially harmful links within the emails;
  • Do not trust unsafe or untrusted websites;
  • Do not trust emails where people use names similar to common services, such as PayPal, CTT, financial institutions or other distribution companies, emails with excessive characters or emails you don’t expect;
  • Do not click a link you don’t trust, whether in a website, Facebook or in messaging applications;
  • In case you receive a message from a known source with links, always make sure you confirm who the sender is before opening the mentioned link;
  • Use a well-known anti-virus program and make sure to run the latest update.

Links that provide relevant information in relation to the recent occurrence:

Technical information on WannaCry

http://blog.talosintelligence.com/2017/05/wannacry.html

IPS signatures

Microsoft Windows EternalBlue SMB Remote Code Execution

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0145)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0147)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148

 

Affected Operating Systems Update

Source:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Download the security updates (English language): Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
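To triage a fleet against the risk factors listed earlier, the sketch below audits an inventory export for the out-of-support systems this notice names, the KB4012598 update linked above, endpoint protection and backup age. It is an added example, not Warpcom or Microsoft code; the CSV column layout, the sample rows, the placeholder hotfix IDs and the 7-day backup threshold are assumptions.

```python
import csv
import io
import re

LEGACY_KB = "KB4012598"  # update this notice links for out-of-support systems
# Out-of-support systems named in this notice; "Windows 8" must not match 8.1.
LEGACY_OS = re.compile(r"windows (xp|(server )?2003|8(?!\.1))", re.IGNORECASE)
MAX_BACKUP_AGE_DAYS = 7  # assumed policy threshold, adjust to your own

# Constructed inventory export; column layout and hotfix IDs are hypothetical.
SAMPLE_INVENTORY = """\
host,os,hotfixes,endpoint_protection,last_backup_days
pc-001,Windows XP SP3 x86,KB4012598;KB0000001,yes,1
pc-002,Windows XP SP3 x86,KB0000001,yes,3
srv-01,Windows Server 2003 SP2 x64,,no,40
pc-003,Windows 8.1 x64,KB0000002,yes,
"""


def audit_host(row):
    """Return the risk factors from this notice that apply to one host."""
    findings = []
    hotfixes = {kb.strip().upper() for kb in row["hotfixes"].split(";") if kb.strip()}
    if LEGACY_OS.search(row["os"]):
        findings.append("unsupported-os")
        if LEGACY_KB not in hotfixes:
            findings.append("missing-" + LEGACY_KB)
    # Supported systems take other MS17-010 updates; those are not assessed here.
    if row["endpoint_protection"].strip().lower() != "yes":
        findings.append("no-endpoint-protection")
    age = row["last_backup_days"].strip()
    if not age.isdigit():
        findings.append("no-backup-recorded")  # empty or malformed value
    elif int(age) > MAX_BACKUP_AGE_DAYS:
        findings.append("stale-backup")
    return findings


def audit_inventory(text):
    """Map host name -> findings for every host that has at least one."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = audit_host(row)
        if findings:
            report[row["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(findings)}")
```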

 

With vast experience and know-how in designing and implementing information and communication technology solutions, a full range of cyber security solutions and services, and technology partnerships with worldwide reference vendors, Warpcom is available to analyse each client's specific circumstances and create a solution adapted to each challenge.

Do not hesitate to contact us should you have any queries.

Manuel Mira

Operations Director
