How The Attack Works:
While the initial infection vector is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. It can spread laterally on the same network, without any end user involvement. It encryps hosts, files stored on them and then demands a ransom payment in the form of Bitcoin.
While the initial infection vector is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. It can spread laterally on the same network, without any end user involvement. It encryps hosts, files stored on them and then demands a ransom payment in the form of Bitcoin.
How to Protect Your Organization:
First if you haven't already you want to ensure that devices running Windows are fully patched in particular, apply the following Microsoft Security bulletin MS17-010. Strongly consider blocking legacy protocols like SMBv1 inside the network and blocking all SMB connections (TCP ports 139, 445) from externally accessible hosts.
A network security solution including next-gen firewalls, malware protection and cloud security can provide cyber security protection and limit the execution of WannaCry and other security threats. Download the AMS.NET Cyber Security Prevention Guide for more guidance on various threats, organization best practices and solutions to minimize those threats. We have Premium Flex time professional services to provide expertise and consulting services that can be used to review your network security and help your team where needed. Fill out the form to the right to be contacted for more information to to dicusss your security solution.
WanaCry Ransomware Security Coverage
Please do not register for other individuals with your email address. It will cancel your registration.
Need help? Fill out the form below to be contacted to review your network security or for help with security solutions.
