- Ensure spam filters are configured to block .scr, .bat, and macro-enabled Microsoft Office documents.
- Apply the latest security updates from Microsoft and install future updates as soon as they are released.
- Disable SMBv1 via Group Policy Objects (GPO), if possible.
- Block port 445 using a hard firewall rule, in addition to blocking third parties with direct network access from port 445 access, to prevent the worm from tunneling from a partner’s network.
- Disable remote desktop on internal machines (RDP), if possible.
- Configure IDS and IPS systems to look for the signatures provided by the FBI, CERT, and other authorities relevant to WannaCry.
- Do not open attachments in emails from senders you don’t know.
- Block inbound Microsoft Office document attachments that contain macros; and
- Enable the “Show file extensions” option on your computer. This will make it much easier to identify malicious files. Do not open files with extensions such as “.exe,” and “.vbs.
If you think your computer has been hit with the Petya ransomware, stop using your computer immediately and disconnect from the network.
If you would like an independent audit of your system conducted or if you have any questions, please contact your account manager, primary engineer or reply to this email.
Thank you for being a technology partner with Entec Systems. We will keep you posted of any changes.