Destructive malware targeting Ukrainian organizations
[Everyone should learn from their experience and be ready for anything ahead of any compromise]
Microsoft is moving faster than most antivirus products. They are publishing information about tracking a potential exploit in your system. Microsoft's publication may be oriented toward the Ukraine region, but it won't hurt to read it and check their recommendations. Who knows whether those files are already in place, waiting to be activated at some point.
Most IT people should have gone through an essential checklist:
- Block any port that does not need to be open.
- Activate 2FA in all your accounts.
- Lock or delete unnecessary old unused accounts.
- Patch all your systems.
- Block access to physical servers.
- Review your Disaster Recovery plan and try it out, test it!
- If you see a computer system acting up, and if possible, wipe it and reinstall it from scratch using trusted sources of code.
- Watch for infected USB or external hard drives.
- Do not reinstall computers in a network where other computers are active; those computers could infect your new installation at the stage when it is not yet fully patched.
- Get brand-new hard drives and USB memory sticks. Create full images of the servers and follow the rule of three: one backup locally on your premises, one off your premises, and a third using an online backup service.
- Test your backups!
It is time to get back to the origins of the internet: if your organization has buildings across the city, the state, or the country, create image replicas of your servers in those facilities that are away from you.
Now let's take a look at Microsoft's recommendations; please click on the image to access the original document: