After the global pandemic of the WannaCry ransomware attack this past weekend, it’s entirely predictable that fraudsters would follow. After every major attack or vulnerability disclosure, criminals are quick to take advantage of the attendant fear by pitching phony schemes to “protect” those that are worried they may be, or may become, victims.
This has indeed occurred already in the wake of WannaCrypt. Various third-party mobile app stores are offering protection from the ransomware, but those protective apps are for the most part bogus, and commonly infested with adware. So, steer clear of apps promising protection, and instead patch and update your systems.
Spam emails notifying you that your machine is infected with WannaCry (see picture below) are also making the rounds.
Here’s some guidance to be safe from these attempts:
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
- Perform a detailed vulnerability scan of all systems on your network and apply missing patches ASAP.
- Limit traffic from/to ports 139 and 445 to internal network only. Monitor traffic to these ports for out-of-ordinary behavior.
- Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
- Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
- Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
- Configure access controls including file, directory and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories or shares.
- Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.