5 Immediate Steps to Take to Mitigate a WannaCry Attack

Thousands of computer users in more than 150 countries were confronted with a screen demanding $300 to restore their files on Friday, May 12, 2017. The ransomware attack by WannaCry software hit Europe and went on to hit Japan and China. Infected organizations include the national public health service in Britain, government servers in Russia and international shipping giant FedEx.

The number of victims in the U.S. is “very small,” according to the Department of Homeland Security, but the number could grow. The scope of the attacks varies from a few computers at organizations to larger networks. The department and the global security community are in a race against hackers as new variations of the WannaCry software emerge that thwart previous fixes.

What to Do Now   

According to the U.K. National Cyber Security Center, computer emergency response teams and security experts, businesses and organizations worldwide need to ensure that the following five mitigation strategies are in place:

1. Install MS17-010. Install the MS17-010 fix and all available OS updates issued by Microsoft in March 2017 to prevent getting exploited by the MS17-010 vulnerability. Any systems running a Windows version that did not receive a patch should be removed from all networks.
2. Install emergency Windows patch. Microsoft has issued one-off security fixes for three operating systems that it no longer supports: Windows XP, Windows Server 2003 and Windows 8.
3. Disable SMBv1. If it is not possible to apply either patch, disable SMBv1. Refer to guidance from Microsoft for doing so.
4. Block SMBv1. Block SMBv1 ports on network devices — UDP 137, 138 and TCP 139, 445.
5. Shut down. If none of those options are available, shut down your computer. Propagation can be prevented by shutting down vulnerable systems.

If you are the victim of a ransomware attack, report the cyber incident to the US-CERT and FBI’s Internet Crime Complaint Center and contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cybercrime.

Risks Ahead 

The WannaCry attack and code involves a worm that targets the SMB flaw in Windows in order to install WannaCry ransomware. Since this has become public, other ransomware gangs can easily use the SMB-targeting worm to install their own ransomware on computers and networks.

On Monday, May 15, Disney CEO Bob Iger said hackers claiming to have access to one of Disney’s unreleased movies were demanding a large ransom to be paid in online currency Bitcoin. This follows another recent cyberattack on Netflix that led to episodes of a show being leaked ahead of release.

Ransomware is just one type of malware — software that is intended to damage or disable computers and computer systems — and its use is on the rise. From 2012 to 2015, malware incidents jumped 300%, according to the 2016 Verizon Data Breach Investigation Report.

Ongoing independent assessments of your organization’s vulnerabilities are critical for measuring your security posture and giving stakeholders peace of mind.

For questions or assistance, contact our experts.