LANAIR Blog

Recommendations To Protect Against WannaCry Ransomware

Posted by Brian Dooley on Jun 30, 2017 4:41:57 PM

The WannaCry ransomware attack is one of the first large-scale attacks to use a weaponized version of the system exploits that the Shadow Brokers hacking group leaked from the United States NSA in 2016.

The WannaCry attack uses EternalBlue, one of the tools from the Shadow Brokers' fifth leak to the Internet. This tool was reportedly designed by the NSA to exploit a vulnerability in most Microsoft operating systems that was unknown to security professionals and Microsoft.

The NSA presumably used EternalBlue as an offensive weapon to protect national security interests. The vulnerability that it targets was not disclosed to Microsoft or the public through the industry standard channels.

WannaCry Ransom Screenshot

Microsoft released a patch for all supported Windows operating systems in March 2017 through the normal channels. In May 2017, Microsoft released a patch for two unsupported Windows operating systems (Windows XP and 2003) due to the severity of the vulnerability and the reach of the WannaCry attack.

Recommendation

In order to protect the network from the WannaCry attack, The LANAIR Group recommends the following:

  • Ensure that all Microsoft patches from March and May have been applied
    • Specifically those listed in MS17-010
  • Disable the SMBv1 protocol on all servers and workstations if it is not used
  • Configure the internal firewalls or networking devices to block the SMBv1 protocol between physical sites and network subnets if it is not required for business functions
  • Ensure that the perimeter firewall has the Intrusion Prevention System (IPS) and Gateway Antivirus (GAV) systems enabled
  • Initiate a network-wide system vulnerability scan with a tool such as Qualys
    • Verify that the DOUBLE PULSAR backdoor is not present on the network
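
For the SMBv1 recommendation above, the following PowerShell script is an added example, not LANAIR's own tooling. It reports whether SMBv1 is enabled on the local machine and, when run with `-Disable`, turns it off on both the server and client side. It assumes an elevated prompt; the `-Disable` switch and the function names belong to this example only.

```powershell
# Added example: audit SMBv1 on the local machine and optionally disable it.
# Run elevated. Compatible with PowerShell 2.0 so it also works on Windows 7 / 2008 R2.
param([switch]$Disable)

$lanmanServer  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1ClientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later expose the setting directly
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: registry value SMB1; when the value is absent SMBv1 is enabled
    $v = Get-ItemProperty -Path $lanmanServer -Name SMB1 -ErrorAction SilentlyContinue
    return ((-not $v) -or ($v.SMB1 -ne 0))
}

function Get-Smb1ClientState {
    # mrxsmb10 is the SMBv1 client driver; Start = 4 means the driver is disabled
    $drv = Get-ItemProperty -Path $smb1ClientKey -ErrorAction SilentlyContinue
    if (-not $drv)         { return 'driver not installed' }
    if ($drv.Start -eq 4)  { return 'disabled' }
    return "enabled (Start=$($drv.Start))"
}

New-Object PSObject -Property @{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = Get-Smb1ServerEnabled
    Smb1Client        = Get-Smb1ClientState
}

if ($Disable) {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanmanServer -Name SMB1 -Type DWord -Value 0
    }
    if (Test-Path $smb1ClientKey) {
        # Drop the workstation service's dependency on the SMBv1 driver, then disable it
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
        sc.exe config mrxsmb10 start= disabled
    }
    Write-Warning 'Restart the machine for the SMBv1 change to take full effect.'
}
```

Run it without `-Disable` first across servers and workstations to find systems that still depend on SMBv1 before turning the protocol off.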

When Possible

  • Configure the security policies of Microsoft systems to best practices
  • Segment the network to isolate critical systems and enforce access control lists on the network devices
  • Install IPS devices between the end users and the critical servers/data
  • Configure the perimeter firewall to scan within SSL encrypted traffic
  • Configure the perimeter firewall to limit outbound Internet access to unknown locations and data types
  • Upgrade or replace all Microsoft operating systems that are not in mainstream support
    • For those that cannot be upgraded, consider installing an IPS device between the system and the network
