What to know and how to protect your business
As you are well aware, this past Friday saw the latest in cyber attacks with the release of the global ransomware campaign WannaCry. Unfortunately, this is an ever-increasing trend with over 1 million new malware threats released daily. And with each passing day, these malware authors grow smarter and more devious – WannaCry being no exception.
Like traditional ransomware, WannaCry encrypted all local files and network drives. A key difference in this variant, however, is that the longer you wait to pay the ransom, the higher the ransom becomes. WannaCry spreads between devices in two ways: traditional email phishing and a leaked, weaponized NSA SMBv1 zero day. This allows it to spread much faster and deeper than normal ransomware, making it more dangerous. The SMBv1 zero day allows WannaCry to attack devices directly connected to the internet if they have port 445 open. The traditional attack vector of email phishing sends a malicious link in an email, which an unsuspecting user clicks. Once the first computer is infected by either method, the SMB zero day is used to spread the malware internally.
Due to the staged attack approach of this malware, there are several areas which need to be protected:
- Your firewall should only allow through the ports that are needed, and these ports should be locked down by IP address(es). Nothing should be open to the world. celito Service Desk customers already have their firewalls locked down to only allow necessary traffic inbound and that traffic is restricted to only authorized IP addresses.
- Email protection should be utilized to prevent phishing attacks from reaching end users. celito recommends Mimecast which provides protection against phishing attacks, URL sanitization, and attachment protection. All three of these security protections help defend against ransomware attacks such as WannaCry.
- OS Patching should be up to date in order to prevent exploitation of known security vulnerabilities. Microsoft released a security update to patch the previously unknown SMBv1 zero day in March. celito Service Desk customers are already protected against known security vulnerabilities as patches are installed automatically by celito.
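One way to check the firewall recommendation above is to audit a rule export for inbound allow rules that are open to the world, treating port 445 as the most serious case. This is an added example, not celito's tooling; the rule format, the sample rules and the first-match ordering are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ruleset in a hypothetical export format (not from the page):
# (direction, action, protocol, destination port, permitted source network)
SAMPLE_RULES = [
    ("in", "allow", "tcp", 443, "0.0.0.0/0"),
    ("in", "allow", "tcp", 445, "0.0.0.0/0"),
    ("in", "allow", "tcp", 3389, "203.0.113.0/28"),
    ("in", "allow", "tcp", 445, "::/0"),
    ("in", "deny", "tcp", 445, "0.0.0.0/0"),   # too late: an allow already matched
    ("out", "allow", "tcp", 445, "0.0.0.0/0"),
    ("in", "allow", "tcp", 22, "198.51.100.7/32"),
]

SMB_PORT = 445  # the port the page names as WannaCry's direct attack path


def audit(rules):
    """Return (severity, port, source) for inbound allow rules open to the world.

    Assumes first-match evaluation: an earlier deny covering every source for
    the same protocol, port and IP version shadows a later allow.
    """
    findings = []
    denied = set()  # (protocol, port, ip_version) blocked for all sources so far
    for direction, action, proto, port, source in rules:
        net = ipaddress.ip_network(source, strict=False)
        # Only inbound rules whose source covers the whole address space matter.
        if direction != "in" or net.prefixlen != 0:
            continue
        key = (proto, port, net.version)
        if action == "deny":
            denied.add(key)
        elif action == "allow" and key not in denied:
            severity = "critical" if port == SMB_PORT else "warning"
            findings.append((severity, port, source))
    return findings


if __name__ == "__main__":
    for severity, port, source in audit(SAMPLE_RULES):
        print(f"{severity}: inbound port {port} allowed from {source}")
```

Rules restricted to specific source addresses, such as the 3389 and 22 entries in the sample, pass the audit; every world-open inbound allow is reported.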
At celito, we offer comprehensive solutions which help protect you and your valuable data from future threats. We hope you were not derailed by this latest and unprecedented malware, but if you are in search of a partner in the fight against future attacks, call us at 919-852-1238 or email us at firstname.lastname@example.org.