{"id":1727,"date":"2017-05-15T14:27:39","date_gmt":"2021-06-02T06:27:39","guid":{"rendered":"http:\/\/10.10.10.99\/wordpress\/?post_type=news&#038;p=1727"},"modified":"2021-08-26T13:16:53","modified_gmt":"2021-08-26T05:16:53","slug":"defend-against-wannacry-wcry-ransomware","status":"publish","type":"news","link":"https:\/\/www.udshk.com\/?news=defend-against-wannacry-wcry-ransomware","title":{"rendered":"Defend against WannaCry\/Wcry Ransomware"},"content":{"rendered":"\n<p>Because the WannaCry\/WCRY ransomware attack has hit around 150 countries, we need to explain how our security products defend against this attack.&nbsp; The following information will help you protect your organization.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/fortinet.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For the&nbsp;<strong>FortiGate<\/strong>&nbsp;product:<br>Update the IPS and anti-virus signatures<br><a href=\"http:\/\/blog.fortinet.com\/2017\/05\/12\/protecting-your-organization-from-the-wcry-ransomware\">http:\/\/blog.fortinet.com\/2017\/05\/12\/protecting-your-organization-from-the-wcry-ransomware<\/a><br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/tippingpoint.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For the&nbsp;<strong>TippingPoint<\/strong>&nbsp;product:<\/p>\n\n\n\n<p>Log in to the TMC account&nbsp;<a href=\"https:\/\/tmc.tippingpoint.com\/TMC\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/tmc.tippingpoint.com\/TMC\/<\/a>&nbsp;and download the Ransom_WCRY_i.csw DV toolkit, then import it into the IPS.<br>&nbsp;The filters in the CSW are designed to detect the propagation of the malware known as WannaCry\/WCRY by looking for the malware binary download.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/sophos.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For&nbsp;<strong>Sophos<\/strong>&nbsp;UTM:<br>Activate the 
Advanced Threat Protection in the firewall<br><a href=\"https:\/\/community.sophos.com\/products\/unified-threat-management\/f\/network-protection-firewall-nat-qos-ips\/91927\/utm-advanced-threat-protection-blocks-kill-switch-url-for-wannacry-also-referenced-as-wcry-wannacrypt-and-wanacrypt0r\">https:\/\/community.sophos.com\/products\/unified-threat-management\/f\/network-protection-firewall-nat-qos-ips\/91927\/utm-advanced-threat-protection-blocks-kill-switch-url-for-wannacry-also-referenced-as-wcry-wannacrypt-and-wanacrypt0r<\/a><br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/sophosinterceptx.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For&nbsp;<strong>Sophos<\/strong>&nbsp;Intercept X:<br><a href=\"https:\/\/community.sophos.com\/products\/intercept\/f\/information\/91942\/intercept-x-releasing-any-new-updates-for-wannacry-ransomware\/332939\">https:\/\/community.sophos.com\/products\/intercept\/f\/information\/91942\/intercept-x-releasing-any-new-updates-for-wannacry-ransomware\/332939<\/a><br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/lumension.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For&nbsp;<strong>Lumension<\/strong>:<br>Apply the latest Windows Patch MS17-010 for all Windows computers by Lumension<br><a href=\"https:\/\/www.lumension.com\/vulnerability-management\/patch-management-software.aspx\">https:\/\/www.lumension.com\/vulnerability-management\/patch-management-software.aspx<\/a><br><br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/splunk_.png\" alt=\"\" height=\"64\" width=\"198\"><\/p>\n\n\n\n<p>For&nbsp;<strong>Splunk<\/strong>:<br>Steering Clear of the &#8220;WannaCry&#8221; or &#8220;Wanna Decryptor&#8221; Ransomware Attack<br><a href=\"https:\/\/www.splunk.com\/blog\/2017\/05\/13\/steering-clear-of-the-wannacry-or-wanna-decryptor-ransomware-attack.html\" target=\"_blank\" rel=\"noreferrer 
noopener\">https:\/\/www.splunk.com\/blog\/2017\/05\/13\/steering-clear-of-the-wannacry-or-wanna-decryptor-ransomware-attack.html<br><br><br><\/a><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/OpenDNS.png\" alt=\"\" height=\"75\" width=\"190\"><\/p>\n\n\n\n<p>In the 2nd phase of the infection chain, mssecscr.exe calls back to the C&amp;C for the key, and OpenDNS terminates the connection between the victim and the C&amp;C.&nbsp; This will prevent the WannaCry exploit.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.udshk.com\/images\/OpenDNS_1.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>For questions or technical assistance, please contact&nbsp;<a href=\"mailto:\/\/breadwong@udshk.com\">Bread Wong<\/a>&nbsp;or call (852) 28510271 (Office).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Because the WannaCry\/WCRY ransomware attack has hit around 150 countries, we need to explain how our security products defend against this attack.&nbsp; The following information will help you protect your organization. 
For the&nbsp;FortiGate&nbsp;product: Update the IPS and anti-virus signatures: http:\/\/blog.fortinet.com\/2017\/05\/12\/protecting-your-organization-from-the-wcry-ransomware For the&nbsp;TippingPoint&nbsp;product: Log in to the TMC account&nbsp;https:\/\/tmc.tippingpoint.com\/TMC\/&nbsp;and download the Ransom_WCRY_i.csw DV toolkit, then import it into the IPS.&nbsp;The filters [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2451,"comment_status":"closed","ping_status":"closed","template":"","tags":[],"news-category":[],"class_list":["post-1727","news","type-news","status-publish","has-post-thumbnail","hentry","entry","has-media","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news\/1727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/news"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1727"}],"version-history":[{"count":0,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/news\/1727\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/media\/2451"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1727"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1727"},{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fnews-category&post=1727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}