In 2017, the NSA made headlines over a hacking tool it had developed, called EternalBlue. The NSA had not notified Microsoft of the stockpiled vulnerabilities, so Microsoft did not know which holes to seal. A hacker group calling itself the Shadow Brokers acquired this powerful tool, built by some of our nation’s best and brightest.
While Microsoft did release a patch, EternalBlue is still spreading like wildfire, exploiting a vulnerability in the SMBv1 file-sharing protocol of Microsoft’s Windows systems that allows an external party to execute commands remotely on the target.
The city of Baltimore is still reeling from the effects of an attack three weeks ago. The city refuses to pay the ransom and is steadily recovering its systems.
Last night during my flights, several display screens that usually show departures and arrivals showed a crashed Windows screen. One airport store’s advertising screen displayed the blue screen of death.
What should you do to protect your organization from ransomware and other exploits that use Eternal Blue?
Give your IT professionals time away from their other projects to double-check essential functions. If you outsource, be willing to pay your managed service provider to perform additional steps beyond their usual scope of work.
Be sure to update the operating system and all applications on every Windows instance. Microsoft released essential updates in March and more in October. Your patching may be weeks behind, because patching properly is hard. If you are unsure, Microsoft has instructions on how to verify that the patch is installed. If you need a workaround, Microsoft also provides guidance on how to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server.
Back up in more than one way. Additionally, copy your essential files to storage that is disconnected from your network, in case your online backups get encrypted by ransomware.
Test the restore process and time it. If a restore takes longer than you can comfortably stand being down, find another way to back up.
Update and confirm that your anti-virus tools are up to date on all endpoints.
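The patch and SMBv1 checks above, together with the anti-virus check, can be scripted so IT can run one command per endpoint and collect the results. The script below is an added example and is not from the original post or from Microsoft; it uses only documented Windows cmdlets (Get-SmbServerConfiguration, Get-WindowsOptionalFeature, Get-HotFix, Get-MpComputerStatus) and assumes Windows 8.1/Server 2012 R2 or later with Windows Defender. The KB numbers to check are deliberately not hard-coded: pass the ones Microsoft lists for your OS version in its MS17-010 bulletin via -KbIds. The -MaxSignatureAgeDays threshold is a hypothetical value to tune to your own risk appetite.

```powershell
<#
  Added example (not the original post's or Microsoft's code): read-only posture
  check for one Windows host, with an optional SMBv1 disable step.
  Run from an elevated PowerShell session. Assumes Windows 8.1 / Server 2012 R2
  or newer and Windows Defender; -KbIds must be supplied from Microsoft's
  MS17-010 table for this OS version (no KB numbers are hard-coded here).
#>
param(
    [string[]]$KbIds = @(),          # MS17-010 hotfix IDs for this OS build (left empty on purpose)
    [int]$MaxSignatureAgeDays = 3,   # hypothetical threshold for signature staleness
    [switch]$DisableSmb1             # only act when the operator explicitly asks
)

$findings = @()

# 1. Is the SMBv1 server protocol enabled? (cmdlet exists on Windows 8 / Server 2012 and later)
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($null -eq $smb) {
    $findings += 'Get-SmbServerConfiguration unavailable; check SMBv1 via registry or DISM instead'
} elseif ($smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 server protocol is ENABLED'
}

# 2. Is the SMB1Protocol optional feature installed? (Windows 10 / Server 2016 and later)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings += 'SMB1Protocol optional feature is installed'
}

# 3. Are the expected hotfixes present? Get-HotFix reads the installed-update table.
foreach ($kb in $KbIds) {
    if (-not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)) {
        $findings += "Hotfix $kb is NOT installed"
    }
}

# 4. Anti-virus status: real-time protection on, signatures fresh.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    $findings += 'Could not query Windows Defender status (third-party AV or cmdlet missing)'
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is OFF' }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Antivirus signatures are $($mp.AntivirusSignatureAge) days old"
    }
}

# 5. Optional remediation: the Microsoft-documented way to turn SMBv1 off.
if ($DisableSmb1) {
    if ($smb -and $smb.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $findings += 'ACTION: SMBv1 server protocol disabled'
    }
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        $findings += 'ACTION: SMB1Protocol feature removed (reboot required)'
    }
}

# One line per finding, prefixed with the host name so output from many hosts can be merged.
if ($findings.Count -eq 0) {
    Write-Output "$($env:COMPUTERNAME): no findings"
} else {
    $findings | ForEach-Object { Write-Output "$($env:COMPUTERNAME): $_" }
}
```

Run it first without -DisableSmb1 to get an inventory (for example, `.\Check-Smb1Posture.ps1 -KbIds 'KB<from the MS17-010 table>'`), and only add the switch once you have confirmed nothing still depends on SMBv1, since old printers, NAS boxes and scanners sometimes do. On Windows Server the equivalent feature removal is `Remove-WindowsFeature FS-SMB1`, which the script does not attempt.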
Ask IT to tighten the restrictions on the spam filter. You, the executives, must examine your risk appetite to decide how restrictive the filtering should be. Are you willing to accept the risk that some legitimate email messages will be blocked?
The same goes for web content filtering: increase its strength too. Block all countries’ websites, then re-enable countries as needed.
The IT team must limit the number of accounts that hold administrative (privileged) access.
Constantly re-educate your users.