Block SMB access to the Internet, which runs over TCP ports 137, 139, 445 and UDP
ports 137, 138.
Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017. Filter and monitor email for phishing attacks, watching for inbound executable and macro-enabled attachments. Utilize least privilege by giving users access only to the resources they need to conduct their jobs to contain damage from a compromised user account. Reduce and restrict full administrative privileges. Segregate administrative accounts from system administrators and from the user accounts they use to read email and surf the web. Also, restrict common administrative access to TCP ports such as 22, 23, and 3389. Configure internal access controls to contain infection contagion within the networks. Block or restrict SMB (TCP ports 137, 139, 445 and UDP ports 137, 138). Send internal flash bulletins to users regarding this outbreak, warning them to beware of attachments as well as cautioning them not to bring in possible infected outside devices (teleworkers, vendors, home computers) to the office network. Perform and test backups regularly.