A recent ransomware attack, known as WannaCry, is affecting a large number of businesses and organizations worldwide. Targeting unpatched Microsoft Windows operating systems, the malware exploits a flaw in Remote Desktop Protocol (RDP) or Windows Server Message Block (SMB) Protocol to lock users out of their systems until ransoms are paid.
An immediate action recommended is to apply the Microsoft MS17-010 patch on the unpatched Microsoft systems to close off the vulnerability. If you are a Zyxel ZyWALL firewall user and are using the Anti-Virus and Intrusion Detection and Prevention (IDP) services, there’s more you can do:
Use Anti-Virus to detect and block the malware: Gateway Anti-Virus catches malware at its first point of entry, preventing it from spreading across the internal network. Make sure your Anti-Virus signature is running on version 220.127.116.112 or above, and install the daily signature updates to protect yourselves from any of its variants.
Turn on your IDP service to prevent abnormal behaviors: When someone attempts to make use of the Microsoft MS17-010 exploit to start the attack, the IDP service is in place to prevent it from happening.
If your USG/ZyWALL device is running on firmware version ZLD 4.25, make sure your IDP signature is updated to version 3.2.4.051 or above. For those with USG/ZyWALL firmware ZLD 4.20 or earlier, please update to IDP signature version 18.104.22.168 for the most up-to-date protection. Fighting malware is a never-ending battle. Find out more tips here to defend your data from ransomware attacks.