WannaCry Ransomware Update
Today, May 12th, Spain’s Computer Emergency Response Team, CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends installing the updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack.
Here are important mitigation steps to take:
- Make sure all Windows-based systems are patched to the latest update. At a minimum, Microsoft bulletin MS17-010 should be applied.
- Inbound traffic to ports 139 and 445 should be blocked immediately.
- Also, here is a list of reported IPs that serve as C&C (command and control) and should be blocked:
- Finally, if you are not already doing so, you should be using application control to block Tor access or, at the very least, importing Tor exit node IPs to block at your firewall. This threat installs Tor and carries out much of its activity over the Tor network to remain hidden.
Should you have questions, please feel free to contact us.
Regards,
SysReady Threat Response Team
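
The following Python example is added here and is not part of the original advisory: it reviews a firewall log for allowed connections that the inbound 139/445 block and the C&C blocklist described above should have stopped. The log column layout, the `INTERNAL_NETS` range, the function names and every sample address (documentation ranges, not real indicators) are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

SMB_PORTS = {139, 445}                                # ports the advisory says to block inbound
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your internal ranges
# Constructed blocklist in the advisory's two entry shapes ("ip:port" and bare "ip").
SAMPLE_BLOCKLIST = ["198.51.100.7:443", "198.51.100.9:9001", "203.0.113.50"]

# Constructed firewall log; assumed columns: time,direction,src,dst,dport,action
SAMPLE_LOG = """\
2017-05-12T10:00:01,in,203.0.113.9,10.0.0.5,445,allow
2017-05-12T10:00:02,in,203.0.113.9,10.0.0.5,445,deny
2017-05-12T10:00:03,in,10.0.0.8,10.0.0.5,445,allow
2017-05-12T10:00:04,out,10.0.0.5,198.51.100.7,443,allow
2017-05-12T10:00:05,out,10.0.0.5,198.51.100.7,80,allow
2017-05-12T10:00:06,out,10.0.0.5,203.0.113.50,9001,allow
"""

def parse_blocklist(entries):
    """Map each IPv4 address to its blocked ports; None means all ports (bare entry)."""
    rules = {}
    for entry in entries:
        host, _, port = entry.strip().partition(":")
        ip = ipaddress.ip_address(host)  # raises ValueError on a malformed entry
        if not port:
            rules[ip] = None             # a bare IP overrides any per-port entries
        elif rules.get(ip, set()) is not None:
            rules.setdefault(ip, set()).add(int(port))
    return rules

def find_gaps(log_text, blocklist):
    """Return (time, reason) for each allowed connection the mitigations should stop."""
    rules, gaps = parse_blocklist(blocklist), []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6 or row[5] != "allow":
            continue                     # skip malformed rows and traffic already denied
        ts, direction, src, dst, dport, _ = row
        src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        external = not any(src_ip in net for net in INTERNAL_NETS)
        if direction == "in" and port in SMB_PORTS and external:
            gaps.append((ts, "inbound SMB/NetBIOS from external host"))
        elif direction == "out" and dst_ip in rules:
            if rules[dst_ip] is None or port in rules[dst_ip]:
                gaps.append((ts, "outbound to blocklisted address"))
    return gaps

if __name__ == "__main__":
    for ts, reason in find_gaps(SAMPLE_LOG, SAMPLE_BLOCKLIST):
        print(ts, reason)
```

An empty result means the log shows no allowed traffic that the two rules should have blocked; each returned row points at a firewall rule that is missing or not being applied.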