How to urgently handle WannaCry ransomware

Vietnam is currently on the list of 20 countries attacked by this malware.

The Department of Information Security (Ministry of Information and Communications) said that currently, the malware named WannaCry exploits a number of vulnerabilities in the Windows operating system to attack computers with the goal of encrypting data to demand ransom, affecting many organizations and individuals globally. The Department of Information Security - Ministry of Information and Communications guides organizations and individuals to take urgent measures to handle this malware as follows:

The Department of Information Security has issued instructions on how to urgently handle the WannaCry ransomware.

For individuals, it is necessary to immediately update the Windows operating system versions they are using. Particularly for computers using Windows XP, use the latest update specifically for this issue at:

https://www.microsoft.com/en-us/download/details.aspx?id=55245&WT.mc_id=rss_windows_allproducts

Or search by keyword update KB4012598 on Microsoft's homepage.

Individuals also need to immediately update the Antivirus programs they are using. For computers without Antivirus software, they need to install and use a licensed Antivirus software immediately. The Information Security Department recommends that users be careful when receiving emails with attachments and strange links sent in emails, on social networks, chat tools, etc.

Users should be cautious when opening attachments, even if they come from familiar sources. Use online or licensed malware scanners on your computer before opening these files.

Users should not open links with the extension .hta or links with unclear structures, shortened links, and should immediately take measures to store (backup) important data.

For organizations, businesses, especially system administrators, it is necessary to immediately check servers and temporarily block services using ports 445/137/138/139.

Organizations and businesses need to take early, appropriate update measures for each organization's Windows servers. Create snapshots for virtualized servers to prevent attacks.

Organizations and businesses must take measures to update workstations using Windows operating systems. Update the database for Antivirus Endpoint servers in use.

For systems that do not use these tools, it is necessary to deploy licensed Endpoint software and update the latest software for workstations immediately. Organizations and businesses should take advantage of information security solutions available in the organization such as Firewall, IDS/IPS, SIEM... to monitor, supervise and protect the system during this sensitive time.

Update updates from security vendors for available solutions. At the same time, prevent and monitor domains being used by WannaCry malware, to identify infected computers in the network for timely handling:

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

These domains have been sinkholed, the Information Security Department will continuously update this list on the website.

Organizations and businesses should consider blocking the use of Tor on the network and taking measures to store (backup) important data immediately. Organizations and businesses should warn people and take the above measures for users. The Department of Information Security also recommends that organizations and businesses immediately contact the authorities as well as organizations and businesses in the field of information security for support when necessary.

According to GenK