PATCH YOUR STUFF! Ms17-010, that fun little exploit leaked by the most recent ShadowBrokers dump, has been making the rounds in the worst way. WannaCry ransomware is everywhere. Get your backups in place. NOW! And don’t put them on the same network.
Countries around the globe have been hit by a massive ransomware attack that has already earned 100 bitcoins. It started early this morning when hospitals in the UK were struck. There were confirmations that a telecom and businesses in Spain were also hit.
Two hours ago, judging by the tweet storm, Russia, Israel, the US and 70 other countries were all infected.
Kevin Beaumont or @gossithedog on Twitter has recommended, in addition to patching your stuff, because Microsoft had this patch available before this happened and we know, WE KNOW, that attacker move this fast:
Make a group policy for the Windows firewall. Block SMB between all endpoint PCs. Limit between servers that need. So that way if you miss a patch in future ( but you won’t after today will you?) or if AV doesn’t work, then you can really make it harder for the ransomware to spread. Buying you time to control and contain.
Which prompts me to ask: How is your IR plan? Is it geared to cyber events like this? And oh yeah, do you have DR/ BCP cuz you sure as heck are going to need that ready to roll out. And – have you set up a policy on who says what for crisis communications? Because you really want to control how that happens too.
If you answered no to any of the above, just get on it now. Because you don:t know who is gonna get hit next on this round of rushin’ roulette.