Ransomware WannaCry lockd down the HD of the target PC & askd to pay to release files or get the decrypt keys. Paymnt is sought in Bitcoins.
India ws amng 99 countries & PCs in AP were compromisd. Sum banks disabld ATM acess althgh no advisory ws snt by RBI bt sum security patchs.
Disappntd wd Govt or CERT approach to CyberSpace. Thr are no stringent policies. E.G 70% of our ATM still use XP defunct in 2014. Shocked??
Thr r layers of wht we r doing wrong tht cant b mntnd publically bt we remain a soft target. Rem hw our card data ws compromised sumtime bk?
Comng bck, WannaCry uses the MS17-010 exploit to spread to othr PCs thrgh NetBIOS. It generates internal IPs & propagates itslf ovr Network.
If you allow NetBIOS packets frm outside Network, you mght be in trouble. I recommend applying patches by MS & Orgs shld disable SMB fr nw.
Also, add rule to block 445 TCP input. Wnt to knw wht is a Ransomeware? Chck the image blw. Hw ws WannaCry controlld? Read the final tweet.
Unregis domain ws found in RW code. It ws registerd & same IP pingd bck to all infectd PCs. Malware thought it ws in Sandbox & killed itslf.