
Paranoid About #WannaCry? You Need to Read This!


Beginning Friday, May 12th, 2017, the AKATI Consulting Emergency Response Team and our Security Operations Centre started seeing a colossal wave of machines infected by a new ransomware known as "WannaCry." The attacks have been widespread, affecting almost 200,000 machines (at the time of writing, about 205,870 machines were affected) at hospitals, automotive manufacturers, banks, and telecommunications service providers in about 100 countries globally.

The ransomware takes advantage of a vulnerability that is part of a set of Equation Group exploits commonly identified as EternalBlue, EternalChampion, EternalSynergy and EternalRomance. This collection of hacking tools was allegedly created by the NSA and subsequently dumped by a hacking group calling itself "The Shadow Brokers" on the 14th of April 2017.

WannaCry specifically exploits the SMB vulnerability addressed by Microsoft security bulletin MS17-010.

This is the first part of the article which deals with the remediation and prevention of this ransomware. We will publish another article that explains the incident in more detail.

So let's jump straight in.

I have been attacked! What do I do?

  • Invoke or implement your security incident response and business continuity plan. Ideally, corporations should ensure they have maintained appropriate offline backups of all mission-critical data.
  • Backup copies of sensitive data should not be readily accessible from local networks.
  • In this situation you would simply need to restore the data from a known clean backup.

Backup? Business Continuity? What's that?

  • We would strongly recommend you to contact our emergency response team to report this incident and request assistance.
  • Please maintain and provide relevant logs.
  • We will do our best to assist you promptly.

How do I detect if I'm vulnerable to this?

Try the following steps (Technical):

Holy cow! Speak English, will you? (Non-Technical)

  • Update your antivirus
  • Keep backups of your data (remember Murphy's law)
  • If you are running Windows 8 or below, check this website and apply the patch: https://technet.microsoft.com/...

Well, I haven't been attacked – phew! But I'm paranoid! (Recommended Preventative Steps)

  • Immediately apply the Microsoft patch for the MS17-010 SMB vulnerability, dated March 14, 2017.
  • Disable the SMBv1 protocol.
  • Put measures in place to detect lateral movement, for example by monitoring the Event IDs related to user account management (creation, modification and deletion) and to changes in the services running on your hosts.
  • Consider using Privileged Access Management (PAM) tools. Always implement the principle of least privilege and manage the use of privileged accounts. Users should only be assigned administrative access when absolutely needed.
  • Ensure antivirus and anti-malware solutions are up to date, set to update their definitions automatically, and configured to conduct regular scans.
  • Scan all incoming and outgoing e-mail to detect threats, and filter executable attachments before they reach end users.
  • Prevent phishing e-mails from reaching your end users by deploying inbound authentication technologies such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
  • Consider using Microsoft Office Viewer software to open MS Office files received via e-mail, or disable macro scripts completely!
  • Ensure you have taken offline backups of all critical data, and test your backups to make sure they actually restore!
  • Cultivate and embed employee cyber security awareness programs covering phishing, malicious links, social engineering and other key areas of unsafe computer usage.
  • Conduct regular automated vulnerability assessments and comprehensive manual penetration tests against the entire network, both external and internal: no less than once a year, and ideally as often as is practical.
  • Implement a proactive 24x7 Security Operations Centre that will constantly detect and respond to such incidents. This can be insourced or outsourced via Managed Service Partners.
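The first three preventative steps above (patch check, SMBv1 off, watching account-management and service-change events) can be audited from one elevated PowerShell session. The script below is an added example, not code from the AKATI post: it assumes Windows 8.1 / Server 2012 R2 or later (for the SMB cmdlets), and the KB number for your OS must be filled in from the MS17-010 bulletin, as the placeholder shows.

```powershell
# Added example (not from the original post): audit a host against the WannaCry preventative steps.
# Run in an elevated PowerShell session. Requires the SmbShare module (Windows 8.1 / Server 2012 R2+).
param(
    # PLACEHOLDER: replace with the MS17-010 KB number(s) for this OS, taken from the Microsoft bulletin.
    [string[]]$Ms17010Kbs = @('KB<MS17-010-PLACEHOLDER>'),
    [int]$HoursBack = 24,          # how far back to look for lateral-movement indicators
    [switch]$DisableSmb1           # only change configuration when explicitly asked
)

# 1. Is the MS17-010 update installed? Get-HotFix lists installed Windows updates by KB id.
$installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if ($installed) { "MS17-010 update present: $($installed.HotFixID -join ', ')" }
else            { "WARNING: none of $($Ms17010Kbs -join ', ') installed - apply the March 14, 2017 update" }

# 2. Is SMBv1 still enabled on the server side of this host?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    "WARNING: SMBv1 is enabled"
    if ($DisableSmb1) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        "SMBv1 server protocol disabled"
    }
} else {
    "SMBv1 is disabled"
}

# 3. Lateral-movement indicators from the last $HoursBack hours.
$since = (Get-Date).AddHours(-$HoursBack)
# Security log: 4720 user created, 4726 user deleted, 4738 user changed,
#               4732 member added to a security-enabled local group.
$acct = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4726, 4738, 4732; StartTime = $since } `
                     -ErrorAction SilentlyContinue
# System log: 7045 = a new service was installed (Service Control Manager).
$svc  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } `
                     -ErrorAction SilentlyContinue

"Account-management events since ${since}: $(@($acct).Count)"
"New services installed since ${since}: $(@($svc).Count)"
@($acct) + @($svc) |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-Table -Wrap
```

Review the listed events rather than treating any count as proof of compromise: a domain controller legitimately generates account-management events all day, so the useful signal is unexpected volume or service installs on hosts that should be static.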

Armed with this information we hope you can continue to enjoy the rest of the weekend (whatever is left of it), and stay tuned for our next article!

Adios, Amigos!