This weekend saw a new wave of ransomware attacks. The attack made news headlines worldwide due to its use of a Windows exploit for which many organisations had seemingly failed to deploy the patch to their networks. This blog advises how you can protect your clients' networks against the current threat. Next week we will follow up with a further blog providing more information on what can be learnt from the experience and how best to protect against future versions of ransomware.
Existing partners and your customers
For those customers that are part of our Unlimited support packages, you can check monthly reports to confirm that the SMB v1 vulnerability has been patched. This is just for peace of mind, as our engineers have been working around the clock since the WannaCry virus appeared to ensure that any machines that haven’t had this specific patch have received it.
Further work will go on to identify which customer networks no longer have a requirement for SMB v1, and this will be switched off where possible. More information on the deprecation of SMB v1 can be found here.
The SMB v1 vulnerability simply helped the virus spread; patching it does not stop the virus from performing normal ransomware encryption tasks. Customers' employees should be reminded to remain vigilant and not to open any emails that look suspicious and ask the employee to open attachments or click links. These should be reported to the helpdesk for investigation.
Protecting against WannaCry ransomware
Patch your networks - Firstly ensure your network is protected with the SMB v1 vulnerability patch. The patch for all supported Windows versions is here.
Disable SMB v1 - As mentioned above, work towards disabling SMB v1 in your customer networks. All Windows versions since 2003 and XP have alternatives to SMB v1 but may still be using it to connect to printers and other network devices, so check these before disabling.
Ransomware is distributed by email; spam filters range from very inexpensive to more costly options. Those more costly options perform much more in-depth scanning of emails to ensure the content is safe. Uptime Solutions offers both platforms, but it is important to make sure your customers understand that with anti-spam you really do get what you pay for.
Web filtering – All ransomware needs to call home, first to download the viral code and then to exchange encryption keys. Having web filtering in place and ensuring that firewalls are locked down so that machines are only able to access the web via web filtering is a good way to stop ransomware entering your network. The web filtering antivirus vendors now have effective ways of detecting newer ransomware versions, known as zero-day attacks.
Antivirus – Having a reputable desktop antivirus to detect and stop zero-day attacks is imperative to stopping ransomware in its tracks. It is the last point of defence in today’s multi-layer approach that is needed to stop ransomware.
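For the "Disable SMB v1" step above, the following is an added example (not Uptime Solutions' own tooling) of checking whether printers or other devices still depend on SMB v1 before switching it off. It assumes an elevated PowerShell session on Windows 10 / Server 2016 or later, where the SMB v1 audit setting is available; the parameter names $ReviewDays and $Apply are hypothetical.

```powershell
# Added example: audit SMB v1 use on a host, then disable it only when nothing depends on it.
param(
    [int]$ReviewDays = 14,   # hypothetical: how far back to look for SMB v1 use
    [switch]$Apply           # hypothetical: without this the script only reports
)

$cfg = Get-SmbServerConfiguration
"SMB v1 server enabled : $($cfg.EnableSMB1Protocol)"
"SMB v1 auditing       : $($cfg.AuditSmb1Access)"

if (-not $cfg.EnableSMB1Protocol) { "SMB v1 server is already disabled."; return }

# Auditing must run for a while before its log says anything useful.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    "Auditing enabled. Re-run after $ReviewDays days of normal use (scan-to-folder, backups, etc.)."
    return
}

# Inbound: devices (printers, scanners, old clients) that connected to this host with SMB v1.
$since   = (Get-Date).AddDays(-$ReviewDays)
$inbound = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000          # "SMB1 access" audit event
    StartTime = $since
} -ErrorAction SilentlyContinue

# Outbound: shares this host currently has open over an SMB v1 dialect (e.g. an old NAS).
$outbound = Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' }

if ($inbound -or $outbound) {
    "SMB v1 is still in use; resolve these before disabling:"
    $inbound  | Select-Object TimeCreated, Message | Format-List
    $outbound | Select-Object ServerName, ShareName, Dialect | Format-Table
    return
}

"No SMB v1 use seen in the last $ReviewDays days."
if ($Apply) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    "SMB v1 server disabled."
} else {
    "Report only. Re-run with -Apply to disable the SMB v1 server."
}
```

The outbound check only sees connections open at the moment the script runs, so run it while the usual mapped drives and device shares are in use.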
While there is no guaranteed method to stop all new threats, a multi-layered approach to network security, frequent patching and user vigilance will go a long way to protecting your network without the need for huge investments.
If you have any questions for the team, please don’t hesitate to call us on 0203 764 7688, or leave us a message on our contact page.