How to configure a firewall to block the WannaCry ransomware attack
The massive attack by WannaCry, a form of ransomware malware, caused widespread damage globally in May 2017, affecting at least 150 countries and targeting banks, hospitals, suppliers, telecommunications service providers and government organizations.
Hackers exploited operating system and zero-day vulnerabilities to launch these cyber threats. The infosec (information security) community has many good security measures to protect against ransomware attacks, including ransomware firewall best practices, antivirus tools, and ransomware protection strategies.
Let's take a closer look at what users need to know and the steps that can be taken to prevent this and other similar ransomware threats in the future!
Some basic information about WannaCry
The vulnerability that attackers are exploiting resides in the SMB component in Windows, part of the Microsoft operating system. Server Message Block (SMB) is a network protocol that provides file and printer sharing services in Windows systems. SMB can be used within a corporate network to share files and printers; however, it should never go beyond this network, especially through remote access over WiFi.
In fact, this is so strongly discouraged that in January 2017, the United States Computer Emergency Readiness Team (US-CERT) recommended blocking 'all instances of Server Message Block (SMB) at the network boundary by blocking TCP port 445 with associated protocols on UDP ports 137-138 and TCP port 139, for all devices in range', following multi-factor authentication best practices. This measure prevents the WannaCry attack and should be deployed on home and business firewalls, as part of Endpoint Protection measures.
How to prevent WannaCry ransomware attack
Configure all perimeter firewalls or routers (a firewall is a virtual 'wall' set up on a network to keep out malicious actors) to block all access to port 445, as part of your cyber security strategy.
Some points to consider include:
- Configure this rule on your Perimeter Firewall (also known as 'boundary' firewall). This will prevent any SMB traffic, including malware and ransomware, from entering or leaving the corporate network.
- Some firewalls will only provide a 'Port' field - in this case configure the 'Port' field as described in the 'Destination Port' field above. Be sure to follow firewall best practices to block ransomware.
- For zone-based firewalls and endpoint security measures (such as Palo Alto Networks and Fortinet), as well as firewalls that attach their policies or ACLs to network interfaces (such as Cisco ASA), set the 'source' to the external or untrusted zones/interfaces and the 'target' to the internal zones/interfaces.
- The best approach is to block all access to TCP 445 at the beginning of the rule base to avoid accidentally opening it with less important rules.
- You should also block port 445 on your internal firewall to segment your network and prevent lateral movement – this will prevent the internal spread of ransomware.
- Note that blocking TCP 445 will prevent file and printer sharing, including across applications – if this is required for your business, you may need to leave the port open on some internal firewalls. set or use encryption key.
- If you need to share files externally (for example, for home users), use or Remote Desktop protocol to provide access to it.
- You may also want to block sensitive data with a host-based firewall like iptables, part of an advanced threat prevention system.
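The rule-ordering advice above can be checked mechanically. The following is an added example, not part of the original article: a vendor-neutral first-match audit that reports which SMB ports from the US-CERT recommendation an allow rule still lets through in either direction. The rule names, zone names and the implicit default deny are assumptions made for the illustration.

```python
from dataclasses import dataclass

# SMB-related ports from the US-CERT recommendation quoted in the article.
SMB_PORTS = [("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # zone name, or "any"
    dst: str         # zone name, or "any"
    proto: str       # "tcp", "udp" or "any"
    lo: int = 1      # inclusive destination port range
    hi: int = 65535

    def matches(self, src, dst, proto, port):
        return (self.src in ("any", src) and self.dst in ("any", dst)
                and self.proto in ("any", proto) and self.lo <= port <= self.hi)

def first_match(rules, src, dst, proto, port):
    """First-match semantics: the earliest matching rule decides."""
    return next((r for r in rules if r.matches(src, dst, proto, port)), None)

def smb_exposures(rules, src, dst):
    """List (proto, port, rule name) for each SMB port where an allow rule wins."""
    found = []
    for proto, port in SMB_PORTS:
        rule = first_match(rules, src, dst, proto, port)
        if rule is not None and rule.action == "allow":  # no match = assumed implicit deny
            found.append((proto, port, rule.name))
    return found

def audit(rules, outside="untrusted", inside="internal"):
    """Check both directions, since SMB should neither enter nor leave."""
    return {"inbound": smb_exposures(rules, outside, inside),
            "outbound": smb_exposures(rules, inside, outside)}

# Constructed sample rule bases (hypothetical rule and zone names).
SHADOWED = [  # the SMB block sits below a broader allow rule and covers only TCP 445
    Rule("allow-low-ports", "allow", "untrusted", "internal", "tcp", 1, 1024),
    Rule("block-smb", "deny", "any", "any", "tcp", 445, 445),
    Rule("allow-outbound", "allow", "internal", "untrusted", "any"),
]
BLOCK_FIRST = [  # all four ports denied at the top of the rule base
    Rule("block-netbios-tcp", "deny", "any", "any", "tcp", 139, 139),
    Rule("block-smb-tcp", "deny", "any", "any", "tcp", 445, 445),
    Rule("block-netbios-udp", "deny", "any", "any", "udp", 137, 138),
] + [r for r in SHADOWED if r.name != "block-smb"]

if __name__ == "__main__":
    for label, rules in (("shadowed", SHADOWED), ("block-first", BLOCK_FIRST)):
        print(label, audit(rules))
```

In the first rule base the deny for TCP 445 never takes effect inbound because the broader allow rule above it matches first; moving the blocks to the top clears every finding.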