CONFIGURATION GUIDE FOR RANSOMWARE PROTECTION
To avoid infection by the data-encrypting malware (ransomware) ExPetr (also known as NotPetya), Kaspersky Lab recommends that users and administrators take the following actions:
- Do not click links or open attachments in emails or messages unless you have confirmed that the attachments and links are safe.
- Apply patches to the operating system and to other applications. The ExPetr ransomware also relies on the EternalBlue vulnerability, which has been reported on previously. The first principle of defending against ExPetr is therefore to patch vulnerabilities and install updates, in particular MS17-010 and CVE-2017-0199.
- At the same time, users need to back up all important data to storage devices or to the Cloud.
In addition, Kaspersky has detected a number of attack samples of this malware, with the following information:
Trojan-Ransom.Win32.PetrWrap.d
HEUR:Trojan-Ransom.Win32.PetrWrap.d
PDM:Trojan.Win32.Generic
UDS:DangerousObject.Multi.Generic
Intrusion.Win.MS17-010.e
Protection guidance for individual customers:
1. Check for and disable SMB on desktop and laptop computers. Open Control Panel and click Turn Windows features on or off.
   Clear the check boxes on the SMB lines.
2. Run Windows Updates.
3. Install licensed Kaspersky antivirus software and enable the System Watcher, IM Anti-Virus and Mail Anti-Virus features.
4. Make sure the database is up to date. If it is not, right-click the Kaspersky icon on the taskbar and select Run database Update.
   Then run the update.
5. Run a virus scan on the computer. Restart the computer if malware is detected.
Protection guidance for enterprise and organization customers:
1. Administrators need to send a warning to all users in the system about this new ransomware sample, and require users not to click links or open attachments whose safety cannot be verified, and not to visit websites with inappropriate content.
2. Back up all important data to storage devices or to the Cloud.
3. In Kaspersky Security Center, the administrator runs a database update.
   Then schedule updates for servers and workstations.
4. Use the Vulnerability and Patch Management feature in KESB to detect all vulnerabilities in the system. In particular, devices that contain the MS17-010 and CVE-2017-0199 vulnerabilities must be isolated and updated.
5. Enable the System Watcher feature and select Roll back malware actions during disinfection.
6. Configure Application Privilege Control to prevent ransomware from deleting the original files after encrypting them.
   Add the extensions for which permissions are set for these applications, such as .txt, .docx, .pptx.
   Select Block for the Write, Delete and Create actions for both Low Restricted and High Restricted.
7. Enable the Anti-Cryptor for Windows Server feature.
   Then configure it in Anti-Cryptor.
8. To prevent ransomware infection from online sources, enable the IM Anti-Virus feature.
   Enable the Web Anti-Virus feature and select Block Download.
   Enable Web Control and block users from visiting inappropriate websites.
   Enable the Mail Anti-Virus feature.
9. In KSC, configure rules that block inbound/outbound traffic on ports TCP/UDP 135, 139 and TCP 445.
10. If possible, disable SMB.
11. Run the Virus Scan task.
12. For administrators experienced in using YARA to detect malware, Kaspersky has developed a set of sample rules for detecting this malware.
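
On a host that is not managed through KSC, the SMB and port-blocking steps above (step 1 for individuals, steps 9 and 10 for enterprises) can be checked and applied with Windows' built-in cmdlets. This is an added example, not part of Kaspersky's guidance: the rule names are invented, and it assumes Windows 8.1 / Windows 10 or later, an elevated PowerShell session, and that the "SMB lines" in Windows features are the SMB 1.0/CIFS feature (`SMB1Protocol`).

```powershell
#Requires -RunAsAdministrator
# Added example: report on, and optionally apply, the SMB and port-blocking steps.
# Without -Apply the script only reports what is missing.
param([switch]$Apply)

# Ports from step 9: TCP/UDP 135 and 139, TCP 445
$blocks = @(
    @{ Protocol = 'TCP'; Ports = '135', '139', '445' },
    @{ Protocol = 'UDP'; Ports = '135', '139' }
)

# --- SMB 1.0 state (assumption: this is what "disable SMB" refers to) ---
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$server  = Get-SmbServerConfiguration
"SMB1 optional feature : $($feature.State)"
"SMB1 server protocol  : $($server.EnableSMB1Protocol)"

if ($Apply) {
    # Stop serving SMB1 immediately, then remove the feature (takes effect after restart)
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# --- Windows Firewall block rules, inbound and outbound ---
foreach ($b in $blocks) {
    foreach ($dir in 'Inbound', 'Outbound') {
        $name = "Example-Block-$($b.Protocol)-$dir"   # hypothetical rule name
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            "$name : present"
            continue
        }
        "$name : missing"
        if (-not $Apply) { continue }

        $rule = @{
            DisplayName = $name
            Direction   = $dir
            Action      = 'Block'
            Protocol    = $b.Protocol
        }
        # Inbound traffic is matched on the local port, outbound on the remote port
        if ($dir -eq 'Inbound') { $rule.LocalPort = $b.Ports } else { $rule.RemotePort = $b.Ports }
        New-NetFirewallRule @rule | Out-Null
    }
}
```

Run it once without `-Apply` to see the current state. The outbound TCP 445 rule also stops the host from reaching file shares and a domain controller's SYSVOL, so review it before applying on domain-joined machines.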
-- End --