openPR Logo
Press release

Wannacrypt Ransomware – An Action Plan to Improve your Cyber Resilience Defenses

05-16-2017 10:50 AM CET | IT, New Media & Software

Press release from: OAK Consulting FZC

A Blog by Steven Malone, Director of Security Product Management at Mimecast

The global reach and considerable impact of the WannaCrypt (WannaCry/Wcry) ransomware is a wake-up call for organizations and governments around the world. This on-going cyber threat will continue to adapt to take advantage of weaknesses in IT systems and procedures. New variants of this malware may cause even more damage if you do not act immediately.

At Mimecast our first priority is to help protect our customers against the latest threats. Our services help protect email which has traditionally been the primary attack route for ransomware.

Early samples have revealed that the ransomware is spread over local networks and the internet by abusing Server Message Block (SMB) protocol weaknesses. Although no Wcry ‘smoking gun’ infection emails have yet been found, it is highly likely that future variants will use email.

This short guide is designed to help all organizations complete a review of network security, backup and business continuity systems and processes.

We are also providing additional insights into how to make easy and quick configuration changes to ensure your Targeted Threat Protection solution is optimized. As many of you already know, a comprehensive “defense in depth” strategy is the best approach to mitigation of current and future variants of Wcry and other ransomware.

Patching
Every organization must ensure its IT systems are regularly updated. Microsoft security updates are released on the second Tuesday of each month (Patch Tuesday).

Microsoft released a security update back in March which addresses the vulnerability that Wcry is exploiting. For those organizations who have not yet applied the security update, you should immediately deploy Microsoft Security Bulletin MS17-010.

If you are using a legacy, now unsupported version of Windows, you should consider upgrading immediately. However, if this is impossible in the short term, Microsoft has taken the unusual measure of releasing a security patch that can buy you time to upgrade.

Microsoft has provided its own detailed guidance to defend against Wcry here.

Network hardening
Good security practice dictates removing or disabling unnecessary services to reduce the potential attack surface.

WannaCry has spread quickly by abusing vulnerabilities in Server Message Block network protocol.
Unless you have a very good reason not to, disable the SMBv1 protocol on your network, while also ensuring SMB cannot be directly accessed from the internet.

Disable or block other legacy protocols on your network that you are not using.

Email security: Mimecast’s Ransomware Defense
For customers of Mimecast Targeted Threat Protection, we advise a number of activities:
URL Protect - configure a policy in line with our best practice guide in Mimecaster Central. Ensure a policy is applied to all users. Rewriting all URLs to scan for unsafe content at time-of-click is the best approach to preventing inbound URL-based phishing.

Attachment Protect – configure the “Safe Files” option for all users to ensure inbound Microsoft Office files are converted to a safe and benign format. For users who require editable documents, ensure Attachment Protect’s sandboxing is configured. Refer to the best practice guide in Mimecaster Central for details.

Internal Email Protect – this service provides protection for URLs and attachments in both outbound email and also mails sent internally. Ensure policies are applied to all users and ensure remediation capabilities are enabled. Refer to our best practice guide for configuration recommendations.

Mimecast customers using Mimecast’s secure email gateway, we advise using the most up to date attachment management definition as there are reports of executable files masquerading as Excel files with an administrator hold on dangerous files types. This in conjunction with the Suspected Malware policy with the ability to hold Office files containing macros provides another layer of detection, but does not provide the analysis provided by Attachment Protect.

Mimecast’s ARMed SMTP (Advanced Reputation Management) combines malware, reputation and anti-spam checks to reject unwanted email.

Since a very high percentage of ransomware is spread by email attachments, we urge organizations to consider using sandboxing and/or safe file conversion services.

DNS authentication capabilities such as DKIM and SPF can help stop attackers from spoofing or hijacking the email domains of trusted senders, thus effectively taking away one method attackers use to fool their intended victims. DMARC, the combination of these two services adds an extra layer of defense.

To learn more about Mimecast’s DMARC implementation and DNS Authentication policies please check out this document in Mimecaster Central community.

Data backups and business continuity
Preventive measures alone can’t keep up with the fast-evolving nature of ransomware attacks and as this attack highlights, there are many ways for an infection to enter an organization.

It’s vital you regularly backup critical data and ensure that ransomware cannot spread to backup files. Ransomware can take time to encrypt large volumes of files, particularly across a network share. It is imperative to ensure your back-up window is long enough to go back before any infection begins.
Backup & recovery measures only work after an attack, and cost organizations in downtime and IT resources dealing with the attack and aftermath.

Organizations must be able to continue to operate during the infection period and recover quickly once the infection has been removed.

Should firms ever pay a ransom?
We advise organizations never to succumb to the pressure to pay the ransom to regain access to their applications and data.

There is no guarantee this will unlock files and further motivates and finances attackers to expand their ransomware campaigns.

About Mimecast: Mimecast (NASDAQ: MIME) makes business email and data safer for 24,900 customers and their millions of employees worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.

Conrad Offices, 19th Floor
Sheikh Zayed Road, Dubai

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Wannacrypt Ransomware – An Action Plan to Improve your Cyber Resilience Defenses here

News-ID: 537876 • Views:

More Releases from OAK Consulting FZC

FarEye launches its Delivery Experience Suite – ‘Delight’
Dubai, United Arab Emirates, July 5, 2018: FarEye, a leading global digital logistics platform today announced the launch of its Delivery Experience Suite – ‘Delight’ that helps businesses increase their Delivery Happiness Score – the ultimate measure of customer success. It enables businesses to provide a seamless and personalized experience to the customers. FarEye is a leader in B2C logistics technology and is widely used by global giants like Walmart, DHL,
FarEye expands its footprint in the European market with the launch of its regio …
Dubai, United Arab Emirates, June 24, 2018: FarEye, a leading global digital logistics platform, today announced the opening of its first European office in the heart of London with an aim to expand its business foothold in the region and to serve its customers directly. With a total of 6 corporate offices in India, Dubai and Singapore, FarEye currently serves customers in over 20 countries. FarEye has revolutionized the logistics
Digital Shadows announces its Digital Risk Management Technology Ecosystem
Digital Shadows announces its Digital Risk Management Technology Ecosystem
Dubai, UAE, October 24, 2017 – Digital Shadows, the industry leader in digital risk management, today announced the launch of its Digital Risk Management Technology Ecosystem. Formed from almost a dozen technology companies, with more expected to join in the coming months, they all share a vision for how security analytics and security information and event management (SIEM), product orchestration and automation, risk & compliance, intelligence and network enforcement, must
Ring partners with Al Jammaz to provide smart home security for Saudi Arabia
Riyadh, Saudi Arabia – October 18, 2017: Ring, the leader in smart home security recently announced a partnership agreement with Al Jammaz Distribution, the leading Saudi based Value-Added Distributor, which distributes advanced technology products, solutions and services. This partnership will help Ring foray and expand its reach across the Saudi market offering customers Ring’s innovative home security products and solutions. “Ring believes in keeping homes and communities safe rather than

All 5 Releases


More Releases for Mimecast

Secure Email Gateway Market Shaping from Growth to Value | Cisco, Microsoft, Mim …
A Latest intelligence report published by AMA Research with title “Secure Email Gateway Market Outlook to 2026. A detailed study accumulated to offer Latest insights about acute features of the Global Secure Email Gateway market. This report provides a detailed overview of key factors in the Secure Email Gateway Market and factors such as driver, restraint, past and current trends, regulatory scenarios and technology development. A thorough analysis of these
Mimecast Opens Early Adopter Program for New Web Security Service
Dubai, UAE – July 18, 2018 – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the launch of its early adopter program after conducting a successful private beta for the new Domain Name System (DNS) Security Gateway solution. The Mimecast DNS Security Gateway cloud-based service guards against malicious activity initiated by user action or malware while blocking access to websites deemed unsafe or inappropriate based
New Mimecast Report Detects 400% Increase in Impersonation Attacks
Dubai, United Arab Emirates, June 11, 2017 – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the most recent quarterly release of the Mimecast Email Security Risk Assessment (ESRA), a test which measures the effectiveness of email security systems currently in use by thousands of organizations globally. In its second quarterly assessment, Mimecast found that both known and unknown attacks, as well as spam, are
Archiving Software Market Size, Status And Forecast 2022 : HPE, Veritas, Proofpo …
This report studies the global Archiving Software market, analyzes and researches the Archiving Software development status and forecast in United States, EU, Japan, China, India and Southeast Asia. This report focuses on the top players in global market, like HPE Veritas Proofpoint Mimecast Dell Technologies Global Relay Smarsh Get sample report @ http://bit.ly/2sjoafA Market segment by Regions/Countries, this report covers United States EU Japan China India Southeast Asia Market segment by Type, Archiving Software can be split into Email Archiving Software File and Other Archiving Software Others Market segment
Mimecast and PhishMe Collaborate to Improve Cyber Resilience
Dubai, UAE, June 06, 2017 – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, has collaborated with PhishMe® to integrate their expansive security educational content to help organizations improve employee awareness of common email-borne attacks. The power of Mimecast and PhishMe together provides customers with enhanced cyber resilience against the latest spear-phishing, ransomware, and impersonation attacks that are plaguing organizations today. Through this partnership, organizations can
Mimecast Chief Security Strategist Spoke at RSA Conference 2016 Abu Dhabi
Dubai, UAE – December 9, 2016 – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced that its Chief Security Strategist, Steven Malone, spoke at RSA Conference 2016 Abu Dhabi, which took place from 15-16 November 2016 at Emirates Palace Hotel, Abu Dhabi. Steven Malone discussed how ‘91 Percent of Cyberattacks Start with Email: Addressing “Human Firewall” Flaws’. His session explored top attack vectors such as