WannaCry Malware: How to protect your business?

A major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as ‘WannaCry’.

The malware has the capability to scan heavily over TCP port 445 (Server Message Block/SMB), spreading similar to a worm, compromising hosts, encrypting files stored on them then demanding a ransom payment in the form of Bitcoin.

 Recommendation:

  • Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices.
  • Additionally, organizations should have SMB ports (139, 445) blocked from all externally accessible hosts. Here is a document explaining the process for mitigation and prevention with further information found at the below link. http://blog.talosintelligence.com/2017/05/wannacry.html

Please note this threat is still under active investigation, the situation may change as we learn more or as our adversary responds to our actions. Talos will continue to actively monitor and analyze this situation for new developments and respond accordingly. As a result, new coverage may be developed or existing coverage adapted and/or modified at a later date. For current information, please refer to your Firepower Management Center or Snort.org.

Provista recommends Cisco Umbrella. With a free, no obligation 14 day trial you can be protected in only a few hours’ time!
How does it work?

  • Umbrella uses DNS to actively prevent threats over all ports and protocols, including direct to IP connections.
  • It has an intelligent proxy that selectively targets suspicious domains, meaning that there is no delay or impact on your network performance.
  • If your devices are infected by some other means, Umbrella will prevent the ransomware from communicating with its attacker, meaning that it won’t be able to initiate file decryption.

Rapid Deployment
is quick and easy – no hardware to install or software to maintain. Watch a quick video to find out.
Contact us or fill in the form to sign up for the trial now and we will be in touch to set up the trial for you shortly! Please do not hesitate to contact us on 0345 642 4 642 or email to discuss your cyber security with us!
Kind regards,

Provista Team

Share on LinkedInTweet about this on TwitterShare on FacebookEmail this to someone