How to protect against WannaCry and future ransomware attacks
On Friday 12th May 2017, up to 100 countries around the globe were struck with a ransomware attack using WannaCry - software that exploits a vulnerability in Windows to implement criminal ransomware.
Over 40 NHS trusts in the UK were victim to the attack, meaning critical services had to be ground to a halt whilst systems were down and a resolution was looked into.
Ransomware is a malicious type of software that takes control of your systems and blocks access until a sum of money is paid. Ransomware is particularly venomous due to the way it aims to target organisations who cannot afford to be without their IT services and therefore heightens the possibility of the ransom being paid.
Although many systems are back up and running, British Intelligence officials have warned that organisations should brace themselves for further attacks this week on a significant scale, as over 1.3 million companies still appear to be at risk.
It is evident that the main cause of this attack was due to the vulnerability in the number of organisations running on outdated Windows systems. Although cyber attacks can happen on many levels, it is first vital to ensure that all systems are up to date and are still supported by the developer.
Unfortunately, the events of last week served as a tough lesson in that many organisation’s cyber security strategies are not robust enough, and further measures need to be put in place to beat cybercriminals.
Furthermore, human error remains the number one threat to cybersecurity for an organisation, with many businesses not investing in the training of their staff to ensure they can detect against malicious email, web pages or links.
When it comes to checking your current system capabilities to protect against this and any future cybersecurity attack, Smoothwall’s Head of Product Phil Smith explains, “Smoothwall advocates the use of Bitdefender anti-malware detection as part of our solution. Bitdefender is a world-class and leading anti-malware provider, and has signatures to detect for WannaCry ransomware (see their statement here.)
“Smoothwall customers licensed for Anti-Malware will get signature updates every hour, ensuring their systems are up to date.
“Smoothwall customers should check that their filtering policies are set to scan for non-safe content (the default policy rules) to ensure they are protected. For customers that run the Smoothwall firewall, we would always recommend only opening ports that are absolutely necessary.
Customers should check their firewall rules to ensure ports 445, 135, 137, 138 and 139 are blocked.
Finally, if you follow Microsoft's advice to tackle WannaCry by disabling SMB1 on your domain controller, you will need to update your Smoothwall to our Inverness release to allow authentication of users to continue.”
A Smoothwall Knowledge Base article on how to protect against Ransomware can be found here.
This includes advice on how to use your web filter, HTTP decrypt and inspect, anti-malware and firewall to give you a multi-layered approach to ransomware prevention.
For further help, videos that show how to configure the Smoothwall firewall can be found on the SmoothwallTV YouTube channel. If you’re interested in licensing Smoothwall’s Bitdefender anti-malware engine, please contact us today.