Ransomware Attack Hits Across the World - WannaCry

Are you aware of the recent ransomware attack on various organizations across the world? A week ago, a ransomware attack hit various parts of the USA, the UK and Spain. Some major organizations were affected by this attack, including Telefonica in Spain, FedEx in the United States of America and National Health care in the UK.

The attack, named WannaCry, spreads aggressively across the network and encrypts the data stored on it. It arrives from the internet and persists in the network as a worm.

Cisco already offers Cisco Umbrella (OpenDNS) as a first layer of security: if a domain or malware tries to attack the LAN, OpenDNS blocks that domain. This is why it is called the first line of defense for enterprise networks. Some organizations already use Cisco Umbrella, also known as OpenDNS. You may have firewalls in your network, but many firewalls act only after the attack. Make sure you take the necessary steps to avoid this.

Be aware of the type of attack, stay alert and guide the people around you.

Fig 1.1 - Ransomware attack - WannaCry

Across the globe, this malware is reported to have the capability to scan over TCP port 445 and to be spreading very fast across other major enterprise companies. It has also been seen compromising various devices, encrypting files on the network or on the devices, and asking for payment in the form of Bitcoin. Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Additionally, organizations should have SMB ports (139, 445) blocked from all externally accessible hosts.

When it does, it encrypts the data and locks out the owner until a minimum of $300 in bitcoin is paid. Some believe this could have been kicked off by the previously leaked NSA hacker tools. Below is the message shown on various devices across the world:

Fig 1.2 - Bitcoin Payment

    Ensure all Windows-based systems are fully patched. At the very minimum, ensure Microsoft bulletin MS17-010 has been applied.
    In accordance with known best practices, any organization that has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.

Additionally, organizations should strongly consider blocking connections to TOR nodes and TOR traffic on the network. Known TOR exit nodes are listed within the Security Intelligence feed of ASA Firepower devices. Blacklisting these nodes will prevent outbound communications to TOR networks.
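
The advice on ports 139 and 445 can be checked against firewall or flow logs. The following is an added example, not part of the original post: it flags internal hosts that accept SMB connections from outside, and internal hosts that contact many distinct targets on port 445, the scanning behavior described above. The log format, the sample records and the threshold of 5 are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}   # the ports the article says to block from outside
SCAN_THRESHOLD = 5       # assumed cut-off: distinct port-445 targets per source
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918

# Constructed sample records, one flow per line: "src dst dport action"
SAMPLE_FLOWS = "\n".join(
    ["203.0.113.7 10.0.0.5 445 ALLOW",    # outside -> inside SMB, allowed
     "203.0.113.7 10.0.0.6 445 DENY",     # outside -> inside SMB, blocked
     "198.51.100.9 10.0.0.8 139 ALLOW",   # outside -> inside NetBIOS, allowed
     "10.0.0.9 10.0.0.20 445 ALLOW",      # ordinary file-server traffic
     "10.0.0.9 10.0.0.20 445 ALLOW",
     "10.0.0.7 10.0.0.30 443 ALLOW",      # not SMB, ignored
     "not a flow record"]                 # malformed, skipped
    + [f"10.0.0.5 10.0.1.{i} 445 DENY" for i in range(1, 7)])  # 6 targets

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def parse(text):
    """Yield (src, dst, port, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        yield src, dst, int(parts[2]), parts[3].upper()

def audit(text, threshold=SCAN_THRESHOLD):
    """Return (externally exposed SMB services, internal port-445 scanners)."""
    exposed = set()
    fanout = defaultdict(set)   # internal source -> distinct 445 targets
    for src, dst, port, action in parse(text):
        if port not in SMB_PORTS:
            continue
        if not is_internal(src) and is_internal(dst) and action == "ALLOW":
            exposed.add((str(dst), port))
        if is_internal(src) and port == 445:
            fanout[str(src)].add(dst)   # blocked attempts count too
    scanners = sorted(s for s, dsts in fanout.items() if len(dsts) >= threshold)
    return sorted(exposed), scanners

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Any entry in the first list is a firewall rule to fix; any host in the second list should be isolated and checked for the MS17-010 patch.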