The latest variants (TeslaCrypt in particular) may not be picked up by anti-malware and anti-virus software; however, please ensure that your virus definitions are up to date, as all vendors will be urgently working on a resolution. Keeping your plugins and software up to date is also important: for example, the most recent attacks have been using vulnerabilities that exist in older versions of Adobe Flash Player but are fixed in the current version.
Keep privileged users and users with local administrator rights to a minimum: up to 90% of malware can be prevented if the user does not have local administrator rights. In addition, where software restriction policies are in place, unauthorised executables are blocked from running; however, local administrators and privileged users are exempt from this policy, making them vulnerable.
Ensure that your backups are up to date and verified; upon infection, restoring a backup is the only guaranteed method of getting your data back.
The most vulnerable route into a network is through the users, so please educate them regarding safe Internet and email usage. These viruses are usually spread through emails. Users should report any suspicious emails and refrain from opening attachments, or clicking links in emails, unless they are certain they are authentic and are from someone they trust, while keeping in mind that the computer of even a trusted person may have been infected by a virus and be sending mail pretending to be them. So, if they are not expecting an attachment or link from someone, it is safer to contact them for assurance before opening or clicking.
Also see the SMBv3 vulnerability from March 2020: the Microsoft SMB v3 vulnerability, CVE-2020-0796, was disclosed and patched in March 2020. See: Preventing SMB traffic from lateral connections and entering or leaving the network (microsoft.com)
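One way to check the advice above that backups are both up to date and verified, as an added example that is not part of the original advisory: record a SHA-256 manifest when the backup completes, then compare the backup against it before relying on it. The function names, the 24-hour freshness threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_dir, now=None):
    """Run right after the backup completes; keep the result off the backup host."""
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": time.time() if now is None else now, "files": files}

def verify_backup(backup_dir, manifest, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means fresh and intact."""
    now = time.time() if now is None else now
    root = Path(backup_dir)
    problems = []
    if now - manifest["created"] > max_age_hours * 3600:  # assumed policy threshold
        problems.append("stale")
    for rel, digest in manifest["files"].items():
        path = root / rel
        if not path.is_file():
            problems.append(f"missing:{rel}")
        elif sha256_file(path) != digest:
            problems.append(f"modified:{rel}")
    current = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    problems += [f"unexpected:{rel}" for rel in sorted(current - set(manifest["files"]))]
    return problems

def demo():
    """Constructed sample: a three-file backup that is later altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("accounts.csv", "report.docx", "photo.jpg"):
            (root / name).write_bytes(b"original " + name.encode())
        manifest = build_manifest(root, now=1_000_000)
        clean = verify_backup(root, manifest, now=1_000_000 + 3600)
        (root / "accounts.csv").write_bytes(b"overwritten")  # content changed
        (root / "photo.jpg").unlink()                         # file lost
        (root / "README.txt").write_text("not in manifest")   # extra file appeared
        dirty = verify_backup(root, manifest, now=1_000_000 + 48 * 3600)
        return clean, dirty

if __name__ == "__main__":
    print(demo())
```

A matching hash shows the backup copy is unchanged since it was taken; a periodic test restore is still needed to confirm the data can actually be recovered.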