- Rollout MS17-010 to any systems that don’t have it
- If you have unsupported operating systems and/or can’t patch – figure out how to isolate those devices, remove internet access, disable SMB access
- There is no excuse for having SMB exposed to the internet, remove that now
- Use this as an opportunity to discuss risk with your executives
Why Is This So Big?
Unlike typical ransomware, which needs someone to open a phishing email or navigate to a malicious site, this virus is able to propagate to remote network computers on its own. This is, for the most part, due to unpatched systems.The virus quickly spread yesterday into many networks. Once it made it into a network, it was able to easily spread within the internal networks if there were systems without these patches.
What should we do?
Microsoft Guidance: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/