In May, at least 200,000 organizations in 150 countries, including hospitals, transformation systems and factories, were infected with the “WanaCrypt0r” ransomware, a self-spreading virus that took advantage of vulnerabilities in the Microsoft server and desktop operating systems. Even though the attack was soon resolved by a British security analyst who found the kill switch and immobilized the virus, the next ransomware is just around the corner and could be far worse.
This attack underscores the fact that making minor investments in your operating environment, endpoints, security tool sets, and management processes can save your organization exponentially more in case of an attack. The vulnerabilities leveraged were patched by Microsoft back in March; companies that had been deploying regular updates to their systems would not have been vulnerable.
This is not the first and certainly not the last example of similar malware moving through unprotected systems. In addition to applying the patch that Microsoft developed, there are several ways companies could have protected themselves from this attack, including:
- Disable SMB 1 (the current version is SMB 3.1.1). SMB 2.0 was released in 2006.
- Apply additional phishing controls, such as Exchange ATP
- Deploy Windows 10 ATP
- Use OMS to detect servers still running older versions of SMB or NTLM
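One way to carry out the first and last items on a single Windows host, as an added PowerShell example that is not from the original post. It reads the local SMB audit log rather than OMS; the 14-day lookback and the `-Disable` switch are assumptions, and the cmdlets are the built-in SmbShare, event log and DISM ones.

```powershell
#Requires -RunAsAdministrator
# Added example: find out whether anything still talks SMB1 to this host,
# and only then switch SMB1 off. Parameter names and defaults are assumptions.
param(
    [int]$LookbackDays = 14,   # assumed audit window
    [switch]$Disable           # without this switch the script only reports
)

$cfg        = Get-SmbServerConfiguration
$auditWasOn = [bool]$cfg.AuditSmb1Access

# 1. Enable SMB1 access auditing so remaining SMB1 clients are logged (event ID 3000).
if (-not $auditWasOn) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

# 2. Collect SMB1 access events from the lookback window (none found is not an error).
$filter = @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$smb1Events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# 3. Report the current state of the SMB1 server setting and the optional feature.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $cfg.EnableSMB1Protocol
    Smb2ServerEnabled = $cfg.EnableSMB2Protocol
    Smb1FeatureState  = if ($feature) { $feature.State } else { 'Unknown' }
    AuditAlreadyOn    = $auditWasOn
    Smb1AccessEvents  = $smb1Events.Count
}

# 4. Disable SMB1 only when auditing has been running and saw no SMB1 clients.
if ($Disable) {
    if (-not $auditWasOn) {
        Write-Warning 'Auditing was just enabled; rerun after the lookback window has passed.'
    } elseif ($smb1Events.Count -gt 0) {
        Write-Warning 'SMB1 clients still connect to this host; migrate them first.'
        $smb1Events | Select-Object -First 10 TimeCreated, Message
    } else {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}
```

Removing the optional feature takes effect after the next restart, and `AuditSmb1Access` is not available on older Windows releases that lack the corresponding update.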
Concurrency can help secure your organization's endpoints and operating system before the next major hack occurs.