Please read the entire article and pass it on to your users. With all the news about the Friday attacks around the world, we wanted to update all of you with the details. This malware is taking advantage of the alleged NSA exploit called ETERNALBLUE that was leaked online last month by the hacker group known as The Shadow Brokers. This exploit takes advantage of a vulnerability in Microsoft Windows that was patched in Microsoft’s March security updates.
We have confirmed that all devices that are directly monitored by us have the March security updates installed. This includes all servers and workstations. Many of our customers only have their servers monitored, so we are unable to confirm that all workstations have successfully installed the March update. But if you notice your computer has installed updates recently, chances are the March update is installed.
The biggest thing we can tell users is not to open any email attachments or click on any links if you do not know for sure the message was sent from a trusted source. This remains true for all kinds of malware that are sent out, not just this one that has been on the news. These types of messages are often caught by the spam and virus filtering we provide to your mail server, or that Office 365 provides if we have your email set up there. But nothing is 100% foolproof.
The first line of protection for any of your networks is the Fortinet firewalls that we have installed for just about all of our contracted customers. If you do not have a Fortinet firewall in place, we have probably recommended it to you if you have a business network. We always make sure your firewall keeps the security subscription that gives you added protection that is updated daily with Intrusion Protection (IPS) and Anti-Virus definitions. The latest IPS definitions are blocking this exploit before it gets to any of your systems. See the complete Fortinet article below for their public response to Friday’s attack.
Anti-Virus software is the next step of protection against viruses, but it does not always catch malware like this quickly enough. Most of our customers are using Vipre from ThreatTrack Security; see their full article below as well.
If you have any questions or anyone runs into any problems with this issue, please power off your computer immediately and contact us.
Response from Fortinet: https://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware
Response from ThreatTrack: http://vavsupport.threattracksecurity.com/support/solutions/articles/1000249805