Tips to stop WannaCry ransomware type attacks


In the last few days, WannaCry ransomware shut down businesses across 150 countries and infected hundreds of thousands of machines, making it the largest ransomware attack in history. You might find these tips helpful to protect against future WannaCry ransomware attacks.

General Protection Tips

These tips are used to protect IT environments and thwart crypto-ransomware threats and attacks such as WannaCry.

1. Make sure that endpoint security is installed and set up correctly. It is worth checking that the appropriate protection policies are active and applied to the correct user groups, or to whatever units your product uses to allocate policies.

2. Check regularly that backups are working. It’s vital to confirm that backups are working, that data integrity is maintained, and that data can easily be restored to the host.

3. Ensure the latest Windows updates are applied. A number of infections are instantly ruled out if Windows is up to date. Reduce workload by putting in place a patching routine. This is a security fundamental.

4. Keep all plugins up to date. Keeping all third party plug-ins updated to their latest build is an important counter to exploits. Make this part of the patch management regime.

5. Use a modern browser with an ad blocking plugin. Modern browsers like Chrome and Firefox are constantly being updated to remove vulnerabilities. They also give the option to add BHOs or plug-ins that will make users more secure. At the most basic level, simply having a pop-up blocker installed and running can save a lot of users from getting infected.

6. Disable autorun. Autorun is a useful feature, but it is used by malware to propagate itself around a corporate environment. With the growth of USB sticks, malware increasingly uses autorun as a means of proliferation. Because it is commonly used by Visual Basic Script (VBS) malware and worms, it is best to disable it through policy.

7. Disable Windows Script Host. VBS files are Microsoft scripts used by malware authors either to cause disruption in an environment or to run a process that will download more advanced malware. Disable them completely by disabling the Windows Script Host engine that VBS files use to run.

8. Have users run as limited users and NOT admins. This is highly desirable from a security perspective but not always possible for power users. This tip is important because some current ransomware threats are capable of browsing and encrypting data on any mapped drives that the end user has access to. Restricting the user permissions for the share or the underlying file system of a mapped drive limits what the threat is able to encrypt.

9. Show hidden file extensions. One way ransomware like CryptoLocker and others frequently arrive is in a file named with the extension “.PDF.EXE” or something similar. The malware writer counts on the default Windows behaviour of hiding known file extensions. If full file extensions are visible, it is easier to spot suspicious files.
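
An added example, not part of the original article: a PowerShell script that audits the registry values behind tips 6, 7 and 9 and, when run with the assumed `-Fix` switch, sets them. The registry paths are the standard Windows locations for these settings; the script, its parameter name and its output columns are this example's own.

```powershell
# Added example: audit (and optionally set) the registry values behind tips 6, 7 and 9.
# Run without arguments to report only. -Fix writes the expected values;
# the two HKLM entries need an elevated (administrator) session.
param([switch]$Fix)

$checks = @(
    @{ Tip  = '6. Disable autorun'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'
       Want = 0xFF },   # 0xFF turns AutoRun off for every drive type
    @{ Tip  = '7. Disable Windows Script Host'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'
       Want = 0 },      # 0 stops wscript.exe and cscript.exe from running scripts
    @{ Tip  = '9. Show file extensions'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt'
       Want = 0 }       # per-user setting: applies to the account running the script
)

$results = foreach ($c in $checks) {
    # A missing key or value means the Windows default applies, which is not the hardened state.
    $item    = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($c.Name) } else { $null }
    $ok      = ($null -ne $current) -and (($current -as [int]) -eq $c.Want)

    if (-not $ok -and $Fix) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        $current = $c.Want
        $ok      = $true
    }

    [pscustomobject]@{
        Tip       = $c.Tip
        Value     = $c.Name
        Current   = $current
        Expected  = $c.Want
        Compliant = $ok
    }
}

$results | Format-Table -AutoSize
```

Because `HideFileExt` lives under HKCU, it has to be applied for each user account; in a domain, the same three values can be deployed centrally through Group Policy instead of per machine.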

Team Discovery offer cyber security consultancy services for such attacks as WannaCry ransomware, driven by the fact that we host email and websites for many clients. If you need to ensure you are doing the right thing to protect yourself against future attacks, get in touch via our contact page.