[CoIT-Security] Cybersecurity Update: Global Ransomware Campaign (WannaCry)

CoIT Security coit-security at lists.onenet.net
Mon May 15 10:41:09 CDT 2017


DATE:  5/15/2017

SUBJECT: Cybersecurity Update: Global Ransomware Campaign (WannaCry)


OVERVIEW:

A global ransomware campaign has affected many organizations, initially by exploiting a vulnerability in the SMBv1 protocol. This ransomware variant is known as WannaCry or Wanna Decryptor. Organizations should remain vigilant in implementing best practices and recommendations regardless of perceived slowdowns in the spread of this ransomware variant.

OneNet UPDATE:  OneNet is continuing to monitor traffic and is available for outreach assistance as needed.

BEST PRACTICE SECURITY RECOMMENDATIONS:

  *   Organizations should close ports 22, 23, 3389, TCP 139 & 145/UDP 137 & 138.
  *   Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing (MS17-010).
      o   Microsoft released patches for Windows systems no longer receiving mainstream support that mitigate the SMB vulnerabilities.
  *   Disable SMBv1 on all systems and utilize SMBv2 or SMBv3 after appropriate testing.
  *   Implement the Principle of Least Privilege across all systems and services.
  *   Ensure endpoint security/antivirus definitions are updated. If endpoint security/antivirus is not in place, this should be one of your immediate priorities along with patching.
  *   Maintain cyber awareness across the organization and remind users not to visit untrusted websites or open emails from untrusted or unknown senders.
  *   Have good/tested data backups (preferably not connected to the network).


REFERENCES:
http://blog.talosintelligence.com/2017/05/wannacry.html
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

ENDPOINT SECURITY:
https://www.symantec.com/products/endpoint-hybrid-cloud-security/endpoint/endpoint-protection
https://www.malwarebytes.com/
http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html
https://www.paloaltonetworks.com/resources/datasheets/endpoint-protection.html



April Goode MBA SPP
Director of OneNet Strategic Planning and Communications

Oklahoma State Regents for Higher Education
655 Research Parkway Suite 200
Oklahoma City, OK 73104
P 405.225.9251
F 405.225.9250
Toll-free 888.5.ONENET
april at onenet.net
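
For the "Disable SMBv1 on all systems" recommendation in the advisory above, the following PowerShell audit is an added example and is not part of the original OneNet message. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the function name Get-Smb1Status and the -Remediate switch are hypothetical names chosen for this example.

```powershell
# Added example (not from the advisory): report SMBv1 state, optionally disable it.
# Report-only by default so the change can be tested before it is rolled out.
[CmdletBinding()]
param(
    # Hypothetical switch for this example: without it nothing is changed.
    [switch]$Remediate
)

function Get-Smb1Status {
    # Server side: is this host still willing to serve SMBv1 / SMBv2+?
    $cfg = Get-SmbServerConfiguration

    # Optional Windows feature that carries the SMBv1 components.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$cfg.EnableSMB1Protocol
        Smb2ServerEnabled = [bool]$cfg.EnableSMB2Protocol
        Smb1FeatureState  = $featureState
        # Enabled or EnablePending both mean the feature is still active.
        NeedsAction       = [bool]$cfg.EnableSMB1Protocol -or
                            ($featureState -like 'Enable*')
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($Remediate -and $status.NeedsAction) {
    # Refuse to leave the host with no SMB dialect at all.
    if (-not $status.Smb2ServerEnabled) {
        Write-Warning 'SMBv2/v3 is disabled; enable it before turning off SMBv1.'
        return
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($status.Smb1FeatureState -like 'Enable*') {
        # Feature removal completes at the next restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }
    Get-Smb1Status | Format-List   # show the state after the change
}
```

Run it without arguments across a test group first, then re-run with -Remediate once clients that still depend on SMBv1 have been identified.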