How do we protect our customers against WannaCry?
To cut to the chase, F-Secure's solutions block WannaCry ransomware. Our endpoint products proactively prevent all in-the-wild examples of WannaCry and F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation.
We have detected the ransomware since its inception, meaning that protection was available to all F-Secure endpoint customers already before the outbreak. F‑Secure's endpoint solutions offer protection against ransomware outbreaks such as WannaCry on three layers to ensure that attacks can be stopped at multiple places along the attack chain.
MULTIPLE LAYERS OF PROTECTION
We don't wanna cry
Mikko Hypponen talks about the WannaCry ransomware outbreak at F‑Secure's annual SPECIES event for operator partners.
WHAT SHOULD YOU DO TO PROTECT YOURSELF
- Ensure DeepGuard and real-time protection is turned on in all your corporate endpoints.
- Identify endpoints without the Microsoft-issued patches (4013389) with Software Updater and patch them immediately.
- Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
- Apply the patch from Friday, May 12th to Windows XP or Window Server 2003
- In case you are unable to patch your endpoint(s) immediately, we recommend you disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface.
- Configure your firewall to properly block traffic.
- Block 445 inbound to all internal and internet-facing Windows systems to prevent workstations from getting infected.
- Block 455 outbound from servers to prevent the servers from spreading WannaCry within the environment.
- Alternatively, you can set F-Secure's Firewall policy to its highest setting, which has predefined rules to block the attack.
