Top 5 WannaCry Ransomware Mitigations to Adopt Now

The WannaCry (.WNCRY, Wana Decrypt0r 2.0) ransomware outbreak is definitely the scariest cybersecurity event of 2017 so far. The ransomware has compromised the systems of Telefonica in Spain, as well as multiple hospitals in the UK. It has also been affecting National Health Service (NHS) machines in England and Scotland.

As suggested by multiple sources, the NHS and possibly other organizations as well have been hit because they were running unsupported Windows XP across thousands of computers.

Just a couple of days ago Kaspersky Lab pointed out that the attack “is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.”

As we already wrote, EternalBlue and DoublePulsar are indeed the exploits used by the organization spreading WannaCry. The exploits were leaked online somewhere around the Easter holidays by The Shadow Brokers. They target Windows systems, so anyone who is not yet infected is strongly advised to back up their systems and then update them.

That being said, MS17-010 is a patch for newer versions of Windows as well, including Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012 and Windows Server 2016.

Since the ransomware is continuously evolving and altering its ways of distribution, the mitigations against it are more important than ever.

Don’t Block Domains Associated with WannaCry Ransomware

According to the British National Cyber Security Center:

Work done in the security research community has prevented a number of potential compromises. To benefit from this, a system must be able to resolve and connect to the domain below at the point of compromise.
Unlike most malware infections, your IT department should not block this domain.

In addition to not blocking WannaCry domains, security experts agree on 5 common mitigation steps that should be adopted by both home users and IT admins.

MS17-010 Should Be Installed

As explained by Microsoft, “the security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests”. It is extremely important that all system updates are installed once they are available. This is an excellent way to prevent infections triggered by the MS17-010 flaw. Keep in mind that if your system hasn’t been updated with this patch, it should be removed from all networks as soon as possible.

Emergency Windows Patch Should Be Installed

Apparently, Microsoft has issued emergency security updates for multiple operating systems that it no longer supports to help organizations protect themselves against the unstoppable WannaCry ransomware outbreak.

SMBv1 Should Be Disabled

According to the NCSC, if it is not possible to apply these patches, SMBv1 should be disabled.

SMBv1 Should Be Blocked

As an alternative method, SMBv1 ports should be blocked on network devices – UDP 137, 138 and TCP 139, 445 – as recommended by NCSC.
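
One way to apply the two SMBv1 steps above on a single Windows host, shown as an added example that is not part of the original article or of the NCSC guidance. It assumes an elevated PowerShell session; the `-BlockPorts` switch is a hypothetical name, and the host firewall is used here as a stand-in for the network devices the NCSC refers to.

```powershell
# Added example, not from the original article. Run from an elevated prompt;
# use -WhatIf first to preview. -BlockPorts is a hypothetical switch name.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$BlockPorts)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1. Stop the SMB server from accepting SMBv1.
if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 and later
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol -and
        $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
} elseif ($PSCmdlet.ShouldProcess($lanman, 'Set SMB1 = 0')) {
    # Windows 7 / Server 2008 R2: registry value, effective after a reboot
    Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
}

# 2. Remove the SMBv1 optional feature where the OS exposes it
#    (Windows 8.1 / Server 2012 R2 and later); a reboot completes the removal.
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Disable')) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# 3. Optional: block the ports the article lists at the host firewall.
#    Assumption: host firewall stands in for the network devices the NCSC means.
#    This also stops SMBv2/v3 file sharing to this machine.
if ($BlockPorts -and (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue)) {
    $portSets = @{ TCP = 139, 445; UDP = 137, 138 }
    foreach ($proto in $portSets.Keys) {
        $name = "Block inbound NetBIOS/SMB ($proto)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) -and
            $PSCmdlet.ShouldProcess($name, 'Create firewall rule')) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
                -Protocol $proto -LocalPort $portSets[$proto] | Out-Null
        }
    }
}

# 4. Report the resulting server-side state.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
}
```

The firewall step is off by default because file servers and domain controllers need TCP 445 for SMBv2/v3; on those machines disable SMBv1 only and leave port blocking to the network perimeter.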

Complete Shut Down of Vulnerable Systems

If none of the solutions listed above is available, the NCSC recommends shutting down vulnerable systems. “If these steps are not possible, propagation can be prevented by shutting down vulnerable systems,” the organization suggested.

Milena Dimitrova
