RSM India

Newsflash - Ongoing Cyber Attack 'WannaCry Ransomware' & Steps to Prevent

In the newsflash we would like to mention certain steps to prevent such attacks in your organization. The malicious software behind the major cyber attack is known as ‘WannaCry’.

Following are the synopsis of what you need to know about 'WannaCry', the malicious software behind the ongoing worldwide hacking attack

 

Which Systems are Affected

The malicious software (‘WannaCry’) targets Microsoft’s Windows Operating Systems

How it works

WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them anymore. It targets Microsoft's widely used Windows operating system.

When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. Payment is only accepted in bitcoin.

When it was first detected

The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of 1781 bitcoins, roughly $300 U.S.

Recommended Steps for Prevention

Immediate Action:

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017

Additional key steps for prevention:

  • Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing. 
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. 
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. 
  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications
  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.

Conclusion

Since this kind of cyber attack is today’s number one cyber peril due to the damage it causes, the above countermeasures are must. More importantly a robust IT security mechanism should be established to ensure prevention and effective monitoring of IT security measures.

For any queries or further assistance, you may get in touch with us through anup.nair@rsmindia.in

How can we help you?

Contact us by phone +91 22 6108 5555 or submit your questions, comments, or proposal requests.

Email us