Ransomware attack using NSA arsenal of cyber weapons

Recommended Steps for Prevention

IndustryStandard.com - Start your business today!

• Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
• Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate in-bound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching the end users.
• Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
• Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
• Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
• Disable macro scripts from Microsoft Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office suite applications.
• Develop, institute, and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
• Run regular penetration tests against the network, no less than once a year. Ideally, run these as often as possible and practical.
• Test your backups to ensure they work correctly upon use.

Recommendations for Network Protection 

Chatbot AI and Voice AI | KING.NET - FREE Games for Life.

E-Banks.com - Apply for Loan.

Apply the patch (MS17-010). If the patch cannot be applied, consider:

• Disabling SMBv1 and
• blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

Note: disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users.

Review US-CERT’s Alert on The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations and consider implementing the following best practices:

1. Segregate networks and functions.
2. Limit unnecessary lateral communications.
3. Harden network devices.
4. Secure access to infrastructure devices.
5. Perform out-of-band network management.
6. Validate integrity of hardware and software.

Recommended Steps for Remediation

• Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
• Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup.

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

• Ensure anti-virus software is up-to-date.
• Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
• Scrutinize links contained in emails, and do not open attachments included in unsolicited emails.
• Only download software—especially free software—from sites you know and trust.
• Enable automated patches for your operating system and Web browser.” via Indicators Associated With WannaCry Ransomware — QUE.com