The internet was put in shambles some days back by a ransomware affecting about 74 countries worldwide. The ransomware called wannacrypt or wcry attacks his victim systems as a worm infecting and holding every file it can find hostage. Think of it as an arm robber kidnapping someone close to you and demanding for some amounts before they can be released. It charges $300 or $600 in Bitcoin to restore the documents. It is adept at bringing offices and homes to a halt by locking away their data. This makes your systems unusable.
The ransomware infected hospitals, businesses, rail stations, FedEx, Universities and more organizations. WannaCrypt is installed on vulnerable Windows computers by a worm that spreads across networks by exploiting a vulnerability in Microsoft's SMB file-sharing services. It specifically abuses a bug designated MS17-010 that Redmond patched in March for modern versions of Windows, and today for legacy versions – all remaining unpatched systems are therefore vulnerable and can be attacked.
To prevent such attacks on your network you should firewall off SMB ports 139 and 445 from the outside world, and restrict access to the service where possible on internal networks.
It's also advisable to update your windows security software such as windows defender or antivirus if you are using one. This is a preventative measure against this attacks as only systems without the windows patches can be infected.
It's always advisable to use the recent version of what ever OS or software you are using and also update your antivirus regularly to prevent any form of attacks!!
Source: Kaspersky Lab
The ransomware infected hospitals, businesses, rail stations, FedEx, Universities and more organizations. WannaCrypt is installed on vulnerable Windows computers by a worm that spreads across networks by exploiting a vulnerability in Microsoft's SMB file-sharing services. It specifically abuses a bug designated MS17-010 that Redmond patched in March for modern versions of Windows, and today for legacy versions – all remaining unpatched systems are therefore vulnerable and can be attacked.
To prevent such attacks on your network you should firewall off SMB ports 139 and 445 from the outside world, and restrict access to the service where possible on internal networks.
It's also advisable to update your windows security software such as windows defender or antivirus if you are using one. This is a preventative measure against this attacks as only systems without the windows patches can be infected.
It's always advisable to use the recent version of what ever OS or software you are using and also update your antivirus regularly to prevent any form of attacks!!
No comments:
Post a Comment