Ransomeware WannaCry 19 May 2017 Ransomeware WannaCry Source: Symantec

Advisory for implementing mitigating controls against Wormable Ransomware Featured

As you would be aware, a self-propagating ransomware (WannaCry) outbreak has disrupted several organizations globally. We hope the IT systems implemented at your end are safe and secure against this and such threats, and the required mitigating steps would have been taken in this regards by your organization. 

Towards the same, kindly refer the enclosed advisory issued by the Reserve Bank of India, Cyber Security and Information Technology Examination (CSITE) cell on May 13, 2017 vide advisory no. 8/2017. The advisory refers to an Indian Computer Emergency Response Team (CERT-In) issued advisory CIAD20170024 dated May 13, 2017, which elaborates the details about the subjected ransomware and the recommended preventive measures. The advisory also refers the CERT-In vulnerability note CIVN20170032 issued on March 15, 2017. This note details the Microsoft vulnerability which is getting exploited by this ransomware. Enclosed herewith are all the above mentioned three advisory notes for your reference and required action.

Some of the key mitigation steps which we would recommend implementing on priority are enumerated below:

  • Apply patches to Windows systems (servers as well as end user computers) as mentioned in Microsoft Security Bulletin MS17-010
  • Maintain an updated antivirus software on all systems
  • Update signatures/rules at Intrusion Detection System/Intrusion Prevention System and Security Incident and Event Management (SIEM) to ensure detection and prevention of malicious traffic
  • Educate users about safe web browsing practices and email usage
  • Implement strict external device (USB drive, CD etc.) usage policy

The same has also been published on the Cyber Swachhta Kendra website: http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.