
News

Wanna stop WannaCry? Take these 3 steps

May 15, 2017

Since its discovery on Friday, May 12, the WannaCry ransomware attack has continued to spread, according to numerous media accounts.

According to European authorities, it has affected more than 10,000 organizations and 200,000 individuals in more than 150 countries.

Although steps have been taken to slow the spread of this malware, new variations are surfacing, according to Gartner Research Director Jonathan Care, who outlined the steps that cybersecurity professionals must take immediately.

First and foremost, Microsoft users must apply the MS17-010 patch. Anyone who doesn't have the patch and has TCP port 445 open will be hit by ransomware.

With the patch installed, here are the three next steps to take:

1) Focus on the root cause — Microsoft Windows XP, an OS that has been hit hard by WannaCry, can be embedded into key systems as part of control packages. This means that vulnerable firmware may be neither accessible nor under your control.

Where you have embedded systems, ensure that your vendor can provide an upgrade path as a priority. Do this even if you use another embedded OS, such as Linux or other Unix variants, as it's safe to assume that all complex software is vulnerable to malware.

2) Isolate vulnerable systems — Systems that have not yet been affected by malware are still vulnerable. It’s important to realize that vulnerable systems are often those on which we rely most.

A useful temporary fix is to limit network connectivity — identify which services you can turn off, especially vulnerable services such as network file sharing.

3) Stay vigilant — Make sure that malware detection is updated. Check that intrusion detection systems are operating and examining traffic. Ensure that user and entity behavior analytics, network traffic analysis, and security information and event management systems are flagging unusual behavior, that issues are being triaged, and that incident handlers are responsive.

Bear in mind that additional resources may be required to handle the volume of incidents, liaise with law enforcement agencies and field questions from the public (and possibly the media). Keep technical staff focused on resolving key issues and let someone else answer external questions.
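One way to check that network traffic analysis would flag the unusual behavior named in step 3, shown as an added example that is not from the article or from Gartner: WannaCry spreads by probing TCP port 445 on many hosts, so a single source reaching many distinct port-445 destinations in a short time is worth an alert. The record format, the 60-second window, the threshold of 20 destinations and all sample addresses are assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def smb_fanout_alerts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: peak distinct TCP/445 destinations in any window} for
    sources at or above threshold. Record format (assumed):
    'ISO-timestamp src_ip dst_ip dst_port action'."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[3] != "445":
            continue  # malformed record or not SMB
        ts, src, dst, _port, _action = parts
        # DENY records are counted too: blocked attempts still reveal a sweep.
        events[src].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # dst_ip -> records currently in window
        start = peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:  # evict records older than window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

def constructed_sample():
    """Constructed flow records, not real traffic."""
    day = "2017-05-15T"
    # 30 distinct peers in 30 s, blocked by a file-sharing isolation rule
    sweep = [f"{day}09:00:{i:02d} 10.0.5.23 10.0.7.{i + 1} 445 DENY" for i in range(30)]
    # ordinary client: one file server, many connections
    client = [f"{day}09:00:{i:02d} 10.0.5.40 10.0.1.10 445 ALLOW" for i in range(0, 60, 2)]
    # 25 distinct peers, but one per minute: stays under the threshold
    slow = [f"{day}10:{i:02d}:00 10.0.5.41 10.0.8.{i + 1} 445 ALLOW" for i in range(25)]
    return sweep + client + slow

if __name__ == "__main__":
    for src, peak in smb_fanout_alerts(constructed_sample()).items():
        print(f"ALERT {src}: {peak} distinct TCP/445 destinations within 60 s")
```

Counting denied connections matters once step 2 is in place: an isolated but infected host keeps trying, and the firewall's deny log is where it shows up.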

After the crisis, there will be time to learn lessons. At that point, organizations should review vulnerability management plans; reexamine approaches not only to protection, but also to detection capabilities; perform additional threat modeling; and consider carefully what risks they can afford to tolerate. You may also want to assess your cloud security.

For additional information, read the Gartner blog "Three Things to Do Immediately in the Wake of Wannacry."

 





©2025 Networld Media Group, LLC. All rights reserved.