Protect Against Ransomware (wannacry)

https://www.us-cert.gov/ncas/alerts/TA17-132A

Recommended Steps for Prevention

• Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
• Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing. 
• Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
• Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
• Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. 
• Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. 
• Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
• Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.

• Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
• Test your backups to ensure they work correctly upon use.

Recommended Steps for Remediation

• Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
• Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup. 

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

• Ensure anti-virus software is up-to-date.
• Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
• Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
• Only download software – especially free software – from sites you know and trust.
• Enable automated patches for your operating system and Web browser.