First, the basic facts about the recent ransomware attack:
- US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world.
- Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored. Ransomware spreads easily when it encounters unpatched or outdated software.
Second, check your systems:
- The WannaCry ransomware may be exploiting a vulnerability in Server Message Block 1.0 (SMBv1). For information on how to mitigate this vulnerability, review the US-CERT article on Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010.
- Users and administrators are encouraged to review the US-CERT Alert TA16-091A to learn how to best protect against ransomware.
- US-CERT asks that you report any ransomware incidents to the Internet Crime Complaint Center (IC3).
Third, check your hygiene:
- Stay up to date on software updates and patches.
- Educate personnel to be sensitive to malicious threats.
- Test users to make sure they will be appropriately skeptical of incoming emails and, if necessary, discipline users who are repeat offenders and threaten the security of your network.