Community Security Initiative

Category Archives: Cybersecurity

Posted on August 22, 2019

Ransomware strikes close to home

August 22, 2019
Photo credit: WFTV News

Today, the New York Times reported that “This has been the summer of crippling ransomware attacks” to all types of computer systems. Not only have 40 municipalities been struck — their data encrypted and a ransom demanded — but last week there was a report of another synagogue ransomware attack, investigated by the FBI.

Cyber-hygiene. If you look closely at the screenshot above, you will see a pop-up from the anti-malware provider Malwarebytes, stating that its database is out of date (Oops!). What should you be doing to ensure a good cyber-hygiene regimen (see a longer article from Symantec here)? What can you do to protect your data?

  • Deploy an antivirus/anti-malware product. An up-to-date, real-time antivirus might stop a cyber-attack.
  • Backup. Make sure to back up your important documents and keep a backup set offsite (in case of fire, etc.). There’s no excuse. These days, cloud backups are free or low-cost and you can automatically sync documents to your cloud account.
  • Update, update, update. It’s a constant battle. Bad actors learn how to sneak into our systems to do bad things. Software providers constantly provide security patches designed to close the open doors that bad actors use. Update your operating systems (Windows or Mac), browsers, remote management software, Adobe products, Microsoft products, firewalls — everything. True, updates sometimes cause problems, but not updating leads to worse problems.
  • Use a firewall. Firewalls are the guards designed to protect your network from the internet. Whether you have a hardware or software firewall, it is critical that you keep it up to date.
  • Set strong passwords and use two-factor authentication. People still use easy-to-guess passwords like “Welcome123”, fail to change default passwords, or use the same password for multiple sites. Check out password tips from Google here. Check out a good primer from PC Mag, Two-Factor Authentication: Who Has It and How to Set It Up.
  • Before you pay a ransom, ask for help! Contact the DHS Cybersecurity and Infrastructure Security Agency (CISA), the FBI, or the Secret Service and work with an experienced advisor to help recover from a cyber attack. Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.

Consider cyber-attack insurance. Cyber-attacks can be costly. Even if you are following all of the steps recommended above and have current backups of everything, you may still be attacked and getting back to business may be costly. A compromised computer or network will have to be restored. If there is a data breach and your members’ confidential data is compromised, other steps will have to be taken. Work with your insurance broker to determine what it would cost to recover from a cyber-attack versus the cost of the policy and do a cost-benefit analysis.

Note: Membership records. The synagogue was lucky: its membership data is stored in the cloud (e.g., Chaverware, ShulCloud). Most of the established synagogue management software stores data online, encrypts it and backs up its database. User agreements should specify that it is the vendor’s responsibility to protect your data and to be prepared to quickly restore it.

For more information visit the CISA Resource Page on Ransomware.

 

Posted on July 31, 2019

Reminder: Safeguard Against Ransomware Attacks

July 31, 2019

In light of the increasing number of reports of ransomware attacks against government data, DHS and its partners issued the following statement. The three steps to resilience are good advice for all of us to implement.


CISA, MS-ISAC, NGA & NASCIO RECOMMEND IMMEDIATE ACTION TO SAFEGUARD AGAINST RANSOMWARE ATTACKS

Take the First Three Steps to Resilience Against Ransomware for State and Local Partners

WASHINGTON – July 29, 2019 – The recent ransomware attacks targeting systems across the country are the latest in a string of attacks affecting State and local government partners. The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries. Prevention is the most effective defense against ransomware.

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) are committed to supporting ransomware victims and encouraging all levels of government to proactively protect their networks against the threat of a ransomware attack. Today, we call on our State, local, territorial and tribal government partners, along with the wider cyber community, to take the following essential actions to enhance their defensive posture against ransomware. Through this collective action, we can better protect ourselves and our communities, and further advance the cyber preparedness and resilience of the Nation.

Three Steps to Resilience Against Ransomware

Back-Up Your Systems – Now (and Daily)

Immediately and regularly back up all critical agency and system configuration information on a separate device and store the back-ups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than you lost, fully patched and updated to the latest version.

Reinforce Basic Cybersecurity Awareness and Education

Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats, phishing and suspicious links – the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.

Revisit and Refine Cyber Incident Response Plans

Agencies must have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA and the MS-ISAC, in the event of an attack.

Additional Resources

  • MS-ISAC Security Primer on Ransomware
  • CISA Tip Sheet on Ransomware
  • NGA Disruption Response Planning Memo
  • NASCIO Cyber Disruption Planning Guide

After implementing these recommendations, refer to the ransomware best practices published by CISA, MS-ISAC, NGA, and NASCIO for additional steps to protect your organization.

###

Posted on July 24, 2019 (updated April 5, 2020)

Cyber attacks increase, what can you do?

July 24, 2019

Cybersecurity Best Practices

The following is a list of best practices designed to keep individuals and their data safe when connected to the internet.

EMAIL SECURITY

  • Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources.

  • Verify unexpected attachments or links from known senders by contacting them via another method of communication.

  • Avoid providing your email address, phone number, or other personal information to unknown sources.

  • Avoid providing sensitive information to anyone via email. If you must, be sure to encrypt it before sending.

  • Be skeptical of emails written with a sense of urgency and requesting an immediate response, such as those stating your account will be closed if you do not click on an embedded link or provide the sender with sensitive information.

  • Beware of emails with poor design, grammar, or spelling.

  • Ensure an email’s “sender name” corresponds to the correct email address to identify common email spoofing tactics.

  • Never open spam emails; report them as spam, and/or delete them. Do not respond to spam emails or use included “Unsubscribe” links as this only confirms to the spammer that your email address is active and may exacerbate the problem.
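
An added example (not from the original post): one way to automate the "sender name corresponds to the correct email address" check from the list above, in Python. The `KNOWN_SENDERS` allow-list, the finding codes and the sample messages are assumptions constructed for illustration.

```python
"""Added example: check that a From header's display name matches its address."""
import re
from email import message_from_string, policy

# Assumption: a small allow-list you maintain yourself, mapping a name that
# shows up in display names to the domains that sender really uses.
KNOWN_SENDERS = {
    "irs": {"irs.gov"},
    "jcrc-ny": {"jcrcny.org"},
}

# Matches an e-mail address and captures its domain part.
ADDRESS_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")


def same_or_subdomain(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw_message):
    """Return a list of finding codes for the From header of one message."""
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses or not header.addresses[0].domain:
        return ["missing-or-unparseable-from"]

    sender = header.addresses[0]
    name = sender.display_name or ""
    real_domain = sender.domain.lower()
    findings = []

    # 1. The display name shows an address from a different domain than the
    #    one the message really comes from.
    shown = ADDRESS_RE.search(name)
    if shown and not same_or_subdomain(real_domain, {shown.group(1).lower()}):
        findings.append("name-shows-other-address")

    # 2. The display name claims a known sender, but the real domain is not
    #    one of that sender's domains (catches irs.gov.something.example).
    for org, domains in KNOWN_SENDERS.items():
        claims_org = re.search(rf"\b{re.escape(org)}\b", name, re.IGNORECASE)
        if claims_org and not same_or_subdomain(real_domain, domains):
            findings.append("org-domain-mismatch")
            break

    return findings


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": (
        "From: JCRC-NY Security Alerts <alerts@jcrcny.org>\n"
        "Subject: Weekly alert\n\nbody\n"
    ),
    "address_in_name": (
        'From: "director@jcrcny.org" <director.jcrcny@freemail.example>\n'
        "Subject: Urgent request\n\nbody\n"
    ),
    "encoded_org_claim": (
        "From: =?utf-8?q?IRS_Refund_Department?= "
        "<refunds@irs.gov.refund-portal.example>\n"
        "Subject: Your refund\n\nbody\n"
    ),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:18} {check_sender(raw) or 'ok'}")
```

A clean result only means the name and address agree; it does not prove the message is legitimate, so the other checks in the list still apply.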

PASSWORDS AND MULTI-FACTOR AUTHENTICATION

Use strong passwords on all of your accounts.  

  • Long, complex passwords make you less susceptible to brute-force attacks.

  • Use a combination of upper and lowercase letters, numbers, and special characters.

  • Avoid easy-to-guess elements like pets’ names, children’s names, birthdays, etc.

To reduce the risk of account compromise, account holders should:

  • Avoid using the same password across multiple accounts or platforms.

  • Never share their password with anyone, leave passwords out in the open for others to read, or store them in an unsecured, plaintext file on computers or mobile devices.

  • Consider using long acronyms or passphrases to increase the length of your password.

  • Enable two-factor authentication (2FA) or multi-factor authentication (MFA) on all accounts that offer it. This will help prevent unauthorized access in the event of credential compromise.

ON THE WEB

  • Ensure any websites requesting the insertion of account credentials and those used to conduct transactions online are encrypted with a valid digital certificate to ensure your data is secure. These website addresses will have a green padlock displayed in the URL field and will begin with https.

  • Avoid saving account information, such as passwords or credit card information, in web browsers or browser extensions.

  • Avoid using public computers and public Wi-Fi connections to log into accounts and access sensitive information.

  • Consider using ad-blocking, script-blocking, and coin-blocking browser extensions to protect systems against malicious advertising attacks and scripts designed to launch malware or mine cryptocurrency.

  • Sign out of accounts and shut down computers and mobile devices when not in use. Program systems and devices to automatically lock the active session after a set period of inactivity.

DEVICE SECURITY

  • Keep all hardware and software updated with the latest, patched version.

  • Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version.

  • Create multiple, redundant backups of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files, if needed.

Posted on June 4, 2019 (updated June 7, 2019)

New DHS resource guide and mail screening poster

June 04, 2019

New resource guide. Take a look at DHS’ new resource guide, Security of Soft Targets and Crowded Places. It’s essentially a one-stop table of contents for DHS’s free materials, including links for help on identifying suspicious activity, access control and screening, active assailants (they’re not just shooters anymore) and bomb threats. Follow the supplied links for an introduction to facility security that can serve as a good first step for houses of worship, schools and other soft targets. Resources include fact sheets, guidance, and online training and education courses.


Mail screening poster. Thanks to the world’s leading geopolitical intelligence platform, Stratfor, for its timely reminder about mail and package screening after an attempted bombing.

  • While many questions remain in the case of a parcel bomb sent to a Mexican senator, the largest is why the mail of such a high-level official was not screened.
  • While politicians and large corporations clearly must take significant measures to screen their mail, even ordinary people (and Jewish organizations) should open their mail cautiously.
  • Simple steps can help everyone from the largest entities to the average citizen.

Note that Cesar Sayoc, 57, admitted in court to having mailed 16 explosive devices to a variety of officials and to CNN’s offices in October 2018. He allegedly said he would “eradicate the Jews” if he had the power to, along with lesbians, black people and Hispanic people.

We urge you to download the tips found on the Stratfor graphic and share it with your staff and others.

Posted on August 9, 2018 (updated February 14, 2021)

May 5779 be a year of peace and security; what you can do to help

August 09, 2018

Rosh Chodesh Elul includes clarion calls indicating that the High Holidays are coming soon. So, now is a good time to check out a recent presentation on synagogue security or to take a deeper dive into the library of documents available on the JCRC-NY Security Resources pages. Here are some relevant selections:

High Holiday Security and Emergency Preparedness Planning Library

  • High Holidays: Are you ready to get out if you have to?
  • JCRC-NY High Holiday Security Thinkplate
  • Access control considerations during High Holiday services (PDF)
  • Houses of Worship and the High Holidays
  • Planning for the Unexpected – High Holiday Edition 2010 (PDF)

Topical guidance

  • Are you prepared? 5 steps to make your facility safer and more secure
  • Sample Building Access Policies & Procedures (PDF)
  • Bomb Threat Guidance resources. See also: Hoax threats can be scary, too; To evacuate or not to evacuate? That is the question.; DHS’ Introduction to Bomb Threat Management; Manhattan bomb threat: lessons learned; Bomb threat training video.
  • Active Shooter Resources Page (DHS, FBI and NYPD)
  • Cybersecurity Resources Page
  • US Postal Inspection Service Guide to Mail Center Security (PDF)

Vulnerability, Risk and Safety Assessments and Planning

  • FEMA: Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
  • FEMA, Emergency Operations Planning
    • Guide for Developing High-Quality School (K-12) Emergency Operations Plans
    • Guide for Developing High-Quality Emergency Operations Plans for Houses of Worship
    • Guide for Developing High-Quality Emergency Operations Plans for Institutions of Higher Education
  • DHS:
    • Potential Indicators, Common Vulnerabilities, and Protective Measures: Religious Facilities (Updated)
    • Hometown Security Report Series: Houses of Worship
    • K-12 School Security: A Guide for Preventing and Protecting against Gun Violence (2nd ed., 2018) provides preventive and protective measures to address the threat of gun violence in schools. The Guide is delivered in two parts:  the first portion is a PDF with general security best practices and considerations in narrative format; while the second portion is a Microsoft Excel-based security survey. Together, these documents outline action-oriented security practices and options for consideration based on the results of the individual school’s responses to the survey. While the primary audience for the Guide is the K-12 community, institutions of higher education or pre-K schools may also benefit from the information presented.
  • NYPD: Engineering Security: Protective Design for High Risk Buildings
  • OSHA: Evacuation Plans and Procedures eTool. This expert system will help you to create a basic Emergency Action Plan. This basic plan likely will be adequate for needs of many small and medium-sized entities. Most small and medium-sized entities can create basic plans using this system in 10 to 15 minutes. Larger, more complex organizations will require more work.
  • Practical Information on Crisis Planning: A Guide for Schools and Communities.  U.S. Department of Education, Office of Drug Free and Safe Schools. Taking action now can save lives, prevent injury, and minimize property damage in the moments of a crisis. The importance of reviewing and revising school and district plans cannot be underscored enough, and Practical Information on Crisis Planning: A Guide for Schools and Communities is designed to help you navigate this process. The Guide is intended to give schools, districts, and communities the critical concepts and components of good crisis planning, stimulate thinking about the crisis preparedness process, and provide examples of promising practices.
  • Emergency Preparedness Planning Guide for Childcare Centers. From the Illinois Emergency Medical Services for Children (a collaborative program between the Illinois Department of Public Health and Loyola University Chicago). Lots of ideas to keep toddlers safe.
  • Readiness and Emergency Management for Schools (REMS) Technical Assistance Center, U.S. Department of Education
  • REMS: Conducting a Safety Audit
  • California STAS: Protective Measures for Enhanced Facilities Security
  • New Jersey Office of Homeland Security and Preparedness Critical Infrastructure Protection Bureau: Facility Self-Assessment Tool (updated) and other tools here.

Posted on July 16, 2018

Could you be the next victim? How the Russians hacked us.

July 16, 2018

Phishing has been in the news lately. The latest indictment from the Special Counsel’s Office (i.e., Mueller) shows that it’s easy to become a victim (see the screenshot below and click on it for more info).  The attack was both sophisticated and surprisingly simple.

Government sources report that phishing attacks are up. You don’t have to be the target of sophisticated government cyber-warriors. Too many bad actors know the tricks of the trade and they can hijack your identity, your data and/or plant ransomware on your computer.

We’ve collected tips from various sources to help you identify potentially dangerous phishing emails. Just click on How to spot phishing like a pro. The document has several examples and is in PDF format so that you can download it and distribute it widely.

Remember to practice the basics:

  1. Don’t click on links that you don’t recognize.
  2. Use strong passwords.
  3. Install anti-virus/anti-malware protection and keep the definitions up to date.
  4. Install security updates for the software on your computer as they are released.

For more information, tips and resources see our dedicated webpage: www.jcrcny.org/cybersecurity.

 

Posted on January 29, 2018 (updated April 9, 2018)

Happy Tax Identity-theft Awareness week

January 29, 2018

Tax Identity Theft Awareness Week is a campaign run by the Federal Trade Commission (FTC) from January 29 to February 2 to spread awareness of tax-related identity theft and IRS imposter scams. The FTC, IRS, Department of Veterans Affairs, and others are hosting various events throughout the week to educate the public on these threats.

Tax identity theft remains one of the top scams listed on the IRS “Dirty Dozen” list and, although safeguards put in place by the agency in 2016 did reduce the number of fraudulent tax returns processed last year, large-scale data breaches that exposed hundreds of millions of Americans’ personal and financial information have drastically increased the risk that identity theft and tax fraud will occur in 2018. Tax return preparer fraud also remains a concern as dishonest preparers often surface this time of year to target unsuspecting victims and use their personal information to conduct tax refund fraud and identity theft.

  • File your tax return as early as possible.
  • Use a secure internet connection to file electronically, or mail your tax return directly at the post office.
  • Never respond to emails, texts, or social media communications claiming to be from the IRS. The IRS will only contact you by mail. Report any suspicious or unsolicited emails claiming to be sent from the IRS to phishing@irs.gov.
  • Never provide personal information to anyone purporting to be an IRS representative who contacts you via an unsolicited telephone call. Instead record the caller’s name, badge number and a call back number. Hang up and then contact the IRS at 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate need to contact you. Also, remember that the IRS will never call demanding immediate payment of taxes owed or a specific method of payment, such as a prepaid debit card, gift card, or wire transfer.
  • Monitor your credit report to verify there is no unauthorized activity.
  • Enroll in the IRS Identity Protection PIN (IP PIN) program to obtain a 6-digit PIN.

Organization payroll and human resources departments must remain vigilant in safeguarding employee tax records. Cybercriminals target HR and payroll departments using various social engineering schemes designed to trick them into believing upper management has made an urgent request for employee W-2 forms. Because these schemes are often very sophisticated and convincing, many targets act on the request quickly without taking additional steps to verify the source. Payroll and HR officials should be wary of any requests for employee W-2 forms or Social Security numbers and security procedures should be implemented that require the written approval of multiple people before a request for personal information is fulfilled. The following are additional IRS tips for protecting yourself against potential tax identity theft:

  • IR-2017-193: Online Security – Seven Steps for Safety
  • IR-2017-194: Don’t Take the Bait; Avoid Phishing Emails by Data Thieves
  • IR-2017-196: Victims of Data Breaches Should Consider These Steps
  • IR-2017-197: Employers, Payroll Officials, Avoid the W-2 Email Scam
  • IR-2017-198: Small Businesses: Be Alert to Identity Theft
  • IR-2017-211: Get Ready for Taxes: Choosing a Tax Return Preparer?
  • IR-2017-203: IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users

Posted on October 10, 2017

Cybersecurity is everybody’s business

October 10, 2017

Cybersecurity in the Workplace Is Everyone’s Business. Whatever your place of business – whether it’s a large or small organization, healthcare provider, academic institution or government agency – creating a culture of cybersecurity from the breakroom to the board room is essential and a shared responsibility among all employees. Spread the word by posting online safety tips on your social media platforms, including Google+, Facebook, Twitter and LinkedIn. Remember to use the official NCSAM hashtag, #CyberAware.

Over the past year multiple synagogues were hit with Ransomware demands and many Jewish-related websites were hacked and defaced. Here at JCRC, members of our board still receive pleas for cash from a deceased, former board member. His email account was hacked. It can happen to anyone. Please consider the simple tips below from our wonderful NJ partners and send an email to njccic@cyber.nj.gov to subscribe to their weekly newsletter, with important updates and information. Click here to check out the JCRC-NY’s Cybersecurity Resources for more ideas.

Creating a culture of cybersecurity is critical for any organization. From new employees to leadership, effective cybersecurity requires the awareness and vigilance of every employee to keep data, customers, and capital safe and secure. The following are simple tips to help foster a culture of cybersecurity in your organization.

  • When in doubt, throw it out. If an email, attachment, or link looks suspicious, even if you know the source, it is best to delete it.
  • Back it up. Make electronic and physical backups of all important work to prevent the loss of data from malfunctions, malware, theft, viruses, and accidental deletion.
  • Guard your devices. Never leave laptops and devices unattended in a public place or unlocked when not in use.
  • Secure your accounts. Do not share usernames and passwords with anyone, and turn on stronger authentication for an added layer of security beyond a password.
  • Report anything suspicious. If you experience any unusual problems with your computer or device, or suspect an attachment or link to be malicious, immediately report it to your IT department.

Join one of our cyber intelligence analysts as she discusses how organizations can protect against the most common cyber threats and the resources available to help strengthen cyber resilience.

Click to listen to Episode 41: Cybersecurity in the Workplace is Everybody’s Business

____________________________________

David M. Pollock
Associate Executive Director & Director, Public Policy and Jewish Security
225 West 34th Street, Suite 1607 | New York, NY 10122 | 212.983.4800×132
pollockd@jcrcny.org | /security

Posted on May 17, 2017 (updated February 12, 2019)

More tips on Ransomware

May 17, 2017

It seems that WannaCry is sputtering out. Unfortunately, the experts predict that similar attacks could resume at any time, so it’s best to be prepared.

Here’s a great article from TechSoup, a great nonprofit that helps other nonprofits access donations and discounts from more than 60 donor partners, including Microsoft, Adobe, Cisco, Intuit, and Symantec. Their suggestions are, almost always, low or no cost solutions. Nonprofits should visit their site and sign up. Your nonprofit will save money on hardware and software.

What You Can Do About Ransomware

Jim Lynch, TechSoup
16 May 2017 4:53 PM

Late last week, there was a huge ransomware attack called WannaCry that affected over 200,000 Windows PCs in 150 countries and is still going. The attack has hit businesses, universities, and hospitals so far. Nonprofit, church, library, and foundation offices are vulnerable to this malware, which can lock up your IT system until a ransom is paid. We thought we’d explain a bit how you can protect your office.

What Is Ransomware?

Ransomware is malware that comes into an IT network mainly when computer users open an unknown email attachment or click on a web link. The malware then locks up and encrypts the files in the IT system and holds them for ransom until a payment is made, usually demanded in Bitcoin. Ransomware became famous as a tool of cybercrime in 2013 with the infamous Cryptolocker attacks. The malware technique has actually been around since 1989, however.

WannaCry Ransomware

The WannaCry malware is the latest ransomware attack in a succession of them. This virus is also known as WannaCrypt, Wana Decryptor, or WCry. This particular type of ransomware exploits a vulnerability in the Microsoft Server file system. Apple products and systems based on the Linux/Unix operating systems are not at risk, unless running Windows System Emulator. Infected users are presented with a screen demanding a $300 to $600 payment to restore their files.

While the attack has hit more than 200,000 computers, only around 200 people are estimated to have paid the $300 ransom. In the U.S., Homeland Security says that the list of victims is very small. It is still relatively early in the WannaCry attack, however. The victims range widely, from small companies and organizations to large IT networks like the automaker Renault in Europe. Small offices, like those in nonprofits, are at risk in this cyberattack.

How to Protect Your IT System

Taking these steps will help keep you safe from ransomware attacks.

1. Take Advantage of These Microsoft Resources

  • Windows Defender is the free antivirus tool on Windows 10.
  • Microsoft Safety Scanner is a free downloadable security tool for all Windows versions that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
  • Microsoft Safety and Security Center has a free Security Risk Assessment that will provide recommendations for protecting your network and IT infrastructure.
  • Microsoft customers who believe they are affected can contact Microsoft Customer Service and Support.

2. Back Up Your Critical Data and Documents

If and when your organization is hit with a cyberattack, it is essential to have your mission-critical data and documents stored in the cloud or on a hard drive that is not connected to your IT system. After an attack, your computers or servers may require reimaging.

TechSoup offers cloud storage services like the Box donation program. Also, the Veritas donation program at TechSoup provides backup and restore software to eligible nonprofit organizations and public libraries.

3. Update All Your Windows Software and Enable Automatic Updates

Since WannaCry malware attacks Windows operating systems, a critically important thing to do is to run Windows Update on all Windows devices and also Windows Server software and enable automatic updates on all Windows devices. Microsoft’s Security Bulletin MS17-010 from March of this year provides details on all the Windows software versions that can be patched by running Windows Update. Since the attack, Microsoft has issued patches for previously unsupported versions including Windows XP, Windows 8, and Windows Server 2003. You can download these security patches manually from Microsoft’s Update Catalog. (Link might not work in all browsers.)

If your organization is running old versions of Windows like XP or Server 2003, or if you’re running nonlegal (pirated) versions of Microsoft Windows or Windows Server, you may well have trouble running Windows Update. Check your TechSoup eligibility to see if your organization qualifies for Microsoft software donations.

4. Use Antivirus Software and Keep It Up to Date

Antivirus and malware protection software has become TechSoup’s most requested type of product donation over the last couple of years. This type of protection is designed to catch cyberattacks before they infect your IT system.

Popular product donations include

  • Norton Small Business from Symantec
  • Symantec Endpoint Protection Small Business Edition
  • Comodo Endpoint Security Manager
  • Comodo Antispam Gateway
  • Mailshell Anti-Spam Desktop
  • Bitdefender Internet Security

Find all of TechSoup’s security product donations here.

5. Be Really Careful with Email

Email is one of the main infection methods of all malware and specifically of WannaCry ransomware. Be wary of unexpected emails especially if they contain links or attachments. If you find a suspicious link, before you click on it, you can go to the free virustotal.com service. It will tell you whether or not it has been reported as a dangerous link.

Also, be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.

6. Enable the File Extensions Option in Windows Settings

There are particular file types that pose the greatest security risk to all users. It is helpful to see what kinds of files you’re trying to open. File extensions like .exe, .vbs, and .scr are the dangerous ones. To be able to see file extensions, enable them in Windows Settings. I like the Laptop.com directions on how to do this in Windows 10.

7. If You Do Get Hit with Ransomware …

If you do get infected, shut down your PC and disconnect it from the Internet and your network. This of course limits the spread of the infection. Also, cybersecurity experts say that paying the ransom should be a last resort. Avoid doing that if you can. The alternative of rebuilding infected machines is not great either, but it does discourage cyberblackmailers from coming back.

The sad news in all of this is that new WannaCry ransomware variants are expected to appear going forward for some time. And new malware of other types will also come calling to attack our IT systems. This will be the case no matter how small our offices are. The good news is that the seven points we’ve listed above will give you greater protection for your IT system against future online threats. At TechSoup, we want ya’ll to stay safe out there.

Image: portal gda / CC BY-NC-SA

Posted on May 15, 2017 (updated February 12, 2019)

Microsoft Customer Guidance for WannaCrypt attacks

May 15, 2017

MSRC Team May 12, 2017 | https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/


Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

  • In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
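The guidance above suggests blocking legacy protocols such as SMBv1 as a defense-in-depth measure. The PowerShell below is an added example, not part of the Microsoft post, showing one way to audit and turn off the SMBv1 server on a single machine. It assumes Windows 8 / Windows Server 2012 or later (where the SMB cmdlets exist) and an elevated session; the function name `Get-Smb1Status` is hypothetical.

```powershell
# Added example (not from the Microsoft post). Run from an elevated PowerShell
# session on Windows 8 / Windows Server 2012 or later.

# Hypothetical helper: report whether this machine's SMB server accepts SMBv1.
function Get-Smb1Status {
    $server = Get-SmbServerConfiguration
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb2ServerEnabled = $server.EnableSMB2Protocol
    }
}

$status = Get-Smb1Status
$status | Format-List

# Before changing anything, see which dialects current clients negotiated.
# Clients that only speak SMBv1 (old copiers, scanners, NAS boxes) will lose
# access to this machine's shares once SMBv1 is turned off.
Get-SmbSession |
    Group-Object -Property Dialect |
    Select-Object @{ Name = 'Dialect'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize

if ($status.Smb1ServerEnabled) {
    # -WhatIf only prints what would change. Remove it to apply the setting.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -WhatIf
} else {
    Write-Output 'SMBv1 server is already disabled on this machine.'
}
```

Turning off SMBv1 complements the MS17-010 security update and does not replace it.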


Community Security Initiative
520 8th Avenue
Suite 1400
New York, NY 10018
csi_questions@csiny.org

CSI-NY resides within JCRC-NY, a Federally tax-exempt organization (Federal ID # 13-2869041) as determined by the Internal Revenue Code, section 501(c)3.