Undoubtedly you've seen the news about the spread of the WannaCry / WannaCrypt ransomware threatening businesses and government entities across the globe.
WannaCry is a variant of malware referred to as "ransomware." The way ransomware works is the perpetrator encrypts victims' files and then demands payment in exchange for a decryption key. Once the victim has the decryption key, it can be used to get their data back. This latest ransomware threat originated from last month's disclosure of an NSA toolset. It included, among other things, information about a Microsoft Windows vulnerability called ETERNALBLUE (MS17-010). This ETERNALBLUE vulnerability exists in the unpatched versions of Microsoft's Server Message Block 1.0 (SMBv1) protocol.
WannaCry, Locky, Dridex — the names may change, but there are certain steps everyone should take to protect themselves from ransomware. Corserva is staying on top of all the latest threats, protecting our clients from ransomware, phishing attacks, and malware, now and in the future.
We recommend the following preventive measures for all businesses:
Patching — Should be performed on a consistent basis. Perform software updates and apply patch releases on operating systems, software, and firmware on all devices. Microsoft Windows patching is part of Corserva's Proactive managed solution. Clients that subscribe to this service are protected from exploits, such as WannaCry, shortly after Microsoft makes patches available. Third party patching for things such as Java, Adobe Flash, or hardware drivers are an additional level of support.
Web Filtering — Many malware instances either come in directly from infected websites, or use the web as a communication channel where a vulnerability is exploited in such a way as to allow the download of an execution of malignant code. With web filtering, you have a defense against employees visiting known bad websites or malware “phoning home.” Corserva’s managed firewall solutions include web filtering.
IDS/IPS — Intrusion detection and prevention systems are a bit more advanced, providing additional protection of your network and assets. Corserva’s managed firewall solutions include this advanced level of protection.
Backups — The absolute best way to protect yourself from ransomware events are regular backups. Don’t forget that data and system recovery tests must be performed on a regular basis also. The only thing worse than losing your data to ransomware is losing it because a backup does not have the files you expected it to have. Corserva offers a variety of backup plans where your data can be backed up to a physical appliance at your site, to our own data centers, or some combination.
Email Scanning — All incoming and outgoing emails should be scanned to prevent threats reaching end users. Corserva offers a best in breed email security solution.
Anti-virus & Anti-malware — You should have anti-virus and anti-malware programs in place, performing regular scans on all workstations, laptops, and servers. This service is part of Corserva's Proactive solution, which includes anti-virus and anti-malware.
Corserva provides customized security solutions to address security risks in your network, both those originating externally and internally. Our goal is to create effective security solutions that are realistic and structured to your unique business needs.
To find out if your network is truly secure, sign up for a network security assessment report.