GUIDE TO CONFIGURING PROTECTION AGAINST RANSOM… …thanhcongtien.com/data/items/556/HD ExPetr.pdf · Protection guide for individual customers: 1. Check


GUIDE TO CONFIGURING PROTECTION AGAINST RANSOMWARE

To avoid being hit by the data-encrypting malware (ransomware) ExPetr (also known as NotPetya), Kaspersky Lab recommends that users and administrators carry out the following actions:

- Do not click links or attachments in email or in messages unless you have confirmed that those attachments and links are safe.

- Apply patches for the operating system and for other applications. The ExPetr ransomware also relies on the EternalBlue vulnerability, which was reported previously. The first principle of defending against ExPetr is therefore to be aware of vulnerabilities and to install updates, especially MS17-010 and CVE-2017-0199.

- At the same time, users should back up all important data to storage devices or to cloud storage.

In addition, Kaspersky has detected a number of attack samples of this malware, with the following information:

Trojan-Ransom.Win32.PetrWrap.d

HEUR:Trojan-Ransom.Win32.PetrWrap.d

PDM:Trojan.Win32.Generic

UDS:DangerousObject.Multi.Generic

Intrusion.Win.MS17-010.e

Protection guide for individual customers:

1. Check for and disable SMB on desktop and laptop computers. Open Control Panel and click Turn Windows features on or off, then clear the checkboxes on the SMB lines.

2. Run Windows Update.

3. Install licensed Kaspersky antivirus software and enable the System Watcher, IM Anti-Virus and Mail Anti-Virus features.

4. Make sure the database is up to date. If it is not, right-click the Kaspersky icon on the taskbar, choose Run database Update, and run the update.

5. Run a virus scan on the computer. Restart the computer if malware is detected.

Protection guide for business and organizational customers:

1. Administrators should send an alert to all users in the system about this new ransomware and require users not to click links or attachments whose safety cannot be verified, and not to visit websites with undesirable content.

2. Back up all important data to storage devices or to cloud storage.

3. In Kaspersky Security Center, run a database update, and schedule updates for servers and workstations.

4. Use the Vulnerability and Patch Management feature in KESB to find all vulnerabilities in the system. In particular, devices affected by MS17-010 and CVE-2017-0199 should be isolated and updated.

5. Enable System Watcher and select Roll back malware actions during disinfection.

6. Configure Application Privilege Control to prevent ransomware from deleting the original files after encrypting them. Add the extensions for which application rights are to be set, such as .txt, .docx, .pptx. Select Block for the Write, Delete and Create actions for both Low Restricted and High Restricted.

7. Enable the Anti-Cryptor feature for Windows Server, and configure it in Anti-Cryptor.

8. To prevent ransomware infection from online sources, enable IM Anti-Virus. Enable Web Anti-Virus and select Block Download. Enable Web Control and block users from accessing inappropriate websites. Enable Mail Anti-Virus.

9. In KSC, configure blocking of inbound/outbound traffic on TCP/UDP ports 135 and 139 and on TCP port 445.

10. If possible, disable SMB.

11. Run the Virus Scan task.

12. For administrators experienced in using YARA to detect malware, Kaspersky has developed a sample rule set to detect this malware.
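
The host-side part of steps 9 and 10 (and step 1 of the individual guide) can be audited and applied with PowerShell. The script below is an added example, not part of the original Kaspersky guide: it uses Windows Defender Firewall rather than KSC, treats "disable SMB" as the SMB 1.0/CIFS feature, assumes Windows 8.1 / Server 2012 R2 or later, and uses constructed rule names.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): audit one Windows host against
# steps 9-10, and enforce them only when -Apply is given.
param([switch]$Apply)

# Step 9 port list as stated in the guide: TCP/UDP 135, 139 and TCP 445.
$portSets = @(
    @{ Protocol = 'TCP'; Ports = @('135', '139', '445') },
    @{ Protocol = 'UDP'; Ports = @('135', '139') }
)

# Assumption: "SMB" in the Windows features dialog is the SMB 1.0/CIFS feature.
$feature   = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$smbServer = Get-SmbServerConfiguration
$listening = Get-NetTCPConnection -State Listen -LocalPort 135, 139, 445 -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalPort -Unique | Sort-Object

# Audit result: current SMB 1.0 state and which of the three TCP ports are listening.
[pscustomobject]@{
    Smb1FeatureState  = $feature.State
    Smb1ServerEnabled = $smbServer.EnableSMB1Protocol
    ListeningTcpPorts = $listening -join ','
}

if ($Apply) {
    # Step 10: turn SMB 1.0 off (feature removal completes at the next restart).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Step 9: block rules in both directions; skip rules that already exist.
    foreach ($set in $portSets) {
        foreach ($direction in 'Inbound', 'Outbound') {
            $name = "ExPetr guide - block $($set.Protocol) $($set.Ports -join '/') $direction"
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

            $ruleArgs = @{
                DisplayName = $name
                Direction   = $direction
                Protocol    = $set.Protocol
                Action      = 'Block'
            }
            # Inbound traffic is matched on the local port, outbound on the remote port.
            $portParam = if ($direction -eq 'Inbound') { 'LocalPort' } else { 'RemotePort' }
            $ruleArgs[$portParam] = $set.Ports
            New-NetFirewallRule @ruleArgs | Out-Null
        }
    }
}
```

Blocking these ports in both directions also stops legitimate file sharing and, on domain-joined machines, Group Policy retrieval over SMB. Run the script without -Apply first and decide which hosts can take the rules unchanged.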

-- End --