How to Protect Your Agency Against WannaCry-Style Ransomware Attacks
As the worldwide fallout of the WannaCry ransomware virus continues and the blame game starts, the attack underscores the need for basic security hygiene, updating of operating systems, and regular patching, writes DLT Chief Cybersecurity Technologist Don Maclean.
Unpatched software is one of the most significant vulnerabilities in the enterprise. Even though Microsoft released the original patch for supported operating systems in March, many Windows systems remained unpatched two months later!
Failure to roll out patches isn’t just sloppiness or neglect on the part of IT admins; it stems from a wider challenge faced by many large enterprises. Writing for Forbes, Jason Bloomberg stresses that because many enterprises have complex IT environments, it can take time to implement patches, often months. It’s a risk they are willing to take in order to test carefully and make sure security updates don’t break anything else. “In other words, the default assumption for such enterprises is their IT environment is dangerously fragile – so fragile that even a high priority patch might take months to approve and deploy.”
Even with the patches in place, Microsoft has advised its customers to use vigilance when opening documents from untrusted or unknown sources and is continually monitoring and updating Office 365 accounts to protect against these kinds of threats.
How can government agencies avoid future WannaCry attacks?
If you think you’re vulnerable or you have doubts about your patch management, download and install the security updates now. Then find a security solution that automatically stops threats across the attack lifecycle.
For example, DLT partner Palo Alto Networks protects its customers from WannaCry ransomware through its Next-Generation Security Platform, which employs a prevention-based approach built on multiple complementary prevention controls. You can read more about it in this blog from Palo Alto Networks, but in summary, these controls include:
• WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
• Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
• URL Filtering monitors malicious URLs used and will enforce protections if needed.
• DNS Sinkholing can be used to identify infected hosts on the network.
• Traps prevents the execution of the WanaCrypt0r malware on endpoints.
• AutoFocus tracks the attack for threat analytics and hunting.
• GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.