On Saturday 13 May 2017, the Federal Bureau of Investigation (FBI), Cyber Division, in conjunction with the Department of Homeland Security, issued an FBI FLASH report pertaining to indicators associated with the latest version of WannaCry ransomware (also known as WannaCry, Wry, or Wanna Decryptor), that was discovered early morning 12 May 2017 and which is now affecting organizations in more than 100 countries around the world. Hackers behind this campaign are gaining access either through remote desktop protocols (RDP) or through the exploitation of a critical Windows SMB vulnerability. While the first of the high-profile targets of the attack occurred among health services in Britain, it spread to computers running hospitals, schools, factories, banks, government agencies, transport systems, and others and continues to be felt today globally.
The FBI FLASH provides recommended steps for prevention—and can be shared with relevant members of your organization.
Prevention is the most effective defense against ransomware and it is critical to take precautions for protection. Preventive measures should include:
- The implementation of awareness and training programs among your employees.
Enabling strong spam filters to prevent phishing emails from reaching end users.
Scanning of all incoming and outgoing emails to detect threats.
Configuration of firewalls to block access to known malicious IP addresses.
Use of a centralized patch management system.
Management of privileged accounts.
The K2 Intelligence Cyber Defense team stands ready to assist you and your teams should preventative measures fail and infection with ransomware is detected. To reach the team directly, email firstname.lastname@example.org.