Stopping Ransomware: Firewall Rules, TOR Blocking and Backup Strategy

Practical ransomware defence checklist: patching, SMBv1 disabling, firewall port rules, C&C server blocking and a watertight backup strategy. Lessons from WannaCry – current for 2024/2025.

Background: WannaCry and Its Successors

Since the devastating WannaCry attack on 12 May 2017, it has been clear that ransomware hits not only individuals but entire companies, hospitals and public authorities. The damage runs into billions. The good news is that the right precautions reduce the risk significantly. WannaCry itself has largely been contained, but new and more sophisticated variants appear regularly, so act proactively.

Immediate Checklist: What Is Already Done?

Patches & Operating System

✓ MS17-010 and all current security patches installed?
✓ Current, Microsoft-supported OS? (Windows 10 or later recommended)
✓ Automatic updates enabled?

Network & Protocols

✓ SMBv1 disabled company-wide? (Microsoft guide)
✓ Firewall blocks UDP 137/138 and TCP 139, 445 from the internet?
✓ TCP 3389 (RDP) blocked externally or restricted to VPN?

Block TOR Communication

Many ransomware variants communicate with their command-and-control (C&C) servers via the TOR network. Block all outgoing TOR connections at the firewall. Known C&C addresses from the WannaCry campaign:

xxlvbrloxvriy2c5.onion
cwwnhwhlz52ma.onion
57g7spgrzlojinas.onion
gx7ekbenv2riucmf.onion
76jdd2ir2embyv47.onion

BSI, CISA and commercial threat intelligence providers publish updated C&C block lists continuously. Keep your block lists current.
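To confirm that the port rules from the checklist and the TOR block actually hold, the firewall log can be audited for allowed traffic that violates them. The following is an added example, not part of the original page: because .onion names are resolved inside the TOR network, a perimeter firewall only sees connections to relay IP addresses, so the check matches on those. The log format, the internal address ranges and the relay addresses are constructed assumptions; substitute your firewall's export and a current relay list from your threat intelligence feed.

```python
import ipaddress

# Ports the checklist says must be blocked from the internet.
BLOCKED_INBOUND = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445), ("tcp", 3389)}

# Assumption: the RFC 1918 ranges are the internal networks. Listed explicitly
# because ipaddress.is_private also covers the documentation ranges used below.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed stand-in for a Tor relay list (documentation addresses, not real relays).
TOR_RELAYS = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.77")}

# Constructed log, hypothetical format: action proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
ALLOW tcp 198.51.100.23 51514 10.0.0.5 445
DENY  tcp 198.51.100.23 51515 10.0.0.5 3389
ALLOW tcp 10.0.0.8 49822 10.0.0.5 445
ALLOW tcp 10.0.0.17 50100 203.0.113.10 9001
ALLOW udp 198.51.100.40 137 10.0.0.5 137
ALLOW tcp 10.0.0.17 50101 192.0.2.80 443
garbage line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def audit(log_text):
    """Return (line_no, finding, detail) for ALLOWed flows that break the rules."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 6:
            continue  # blank or malformed line
        action, proto, src, _sport, dst, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if action.upper() != "ALLOW":
            continue  # a DENY means the rule did its job
        if not is_internal(src_ip) and is_internal(dst_ip) \
                and (proto.lower(), port) in BLOCKED_INBOUND:
            findings.append((n, "exposed-service", f"{proto.lower()}/{port} from {src}"))
        elif is_internal(src_ip) and dst_ip in TOR_RELAYS:
            findings.append((n, "tor-egress", f"{src} -> {dst}:{port}"))
    return findings
```

Any "exposed-service" finding means an inbound rule is missing or shadowed by an earlier allow rule; a "tor-egress" finding identifies the internal host to investigate.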

Antivirus & EDR

Modern endpoint protection is essential. Classic antivirus detects known signatures; Endpoint Detection & Response (EDR) solutions go further, detecting suspicious behaviour even without a known signature. Equally important is a rollback capability: damage incurred before detection can be undone automatically.

Rethink Your Backup Strategy

3-2-1 Rule

At least 3 copies of your data, on 2 different media types, with 1 offsite (remote location or cloud air-gap).

Attack-Resistant Backups

Never use the backup server account for email or browsing. Restrict physical and network access. Offline media (tape, external HDD) cannot be encrypted by ransomware.

Test Your Restore

Run a full restore test regularly. Can all data be recovered in an acceptable timeframe? We have helped customers restore complete datasets in under 30 minutes.

Key Behavioural Rules

  • No downloads from unknown sources.
  • Patch consistently – keep all systems up to date.
  • Never open email links or attachments from unknown senders – and be cautious with known senders too (compromised systems send mail to all address book entries).
  • Always maintain a current offline backup of important data.

Security consulting and training

We support you from staff training to strategic security concepts: sales@industry-electronics.com  |  Tel. +49 (0)7666 / 88499-0