Alkannetworks asked:
Ransomware case

Dear all,
How can I protect my servers running Server 2008 R2, Datacenter 2012 R2 and 2016 from ransomware attacks these days? I already have Kaspersky Endpoint Security (latest version, with the latest updates) running on these servers, but I would like to know if there are any other recommendations to prevent an attack like this.
Thanks
Andy M:

To be honest, there's no 100% guaranteed way to prevent ransomware attacks as the viruses change on a daily basis and get more complicated with each passing week. Still, ensuring your servers are secure and protected as much as you can make them is the first port of call:

  • Make sure you have up to date antivirus and anti-malware applications.
  • Ensure that all servers are kept up-to-date with latest windows updates.
  • Ensure that access to files/folders/servers is restricted to only the necessary persons and that all user accounts are protected with strong passwords and a good password policy.
  • Most importantly, ensure you have good, usable backups of all servers. These backups should not be connected to the server all the time; keep a backup off-site that can't be affected by the virus if the worst happens.
  • Ensure that users are aware of dangers and follow any IT security requirements accordingly
There was another post just a few hours ago about this.

Ultimately I think the consensus was to keep all servers patched (there was a release in March for the ransomware patch) and keep your firewall rules fresh, and perhaps employ IDPS (intrusion detection and prevention systems) inline rather than retrospectively.
btan:

May I ask that you check out the FAQ on safeguards and practices to lock down the machine:
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html

Key basic measures:

Application whitelisting using AppLocker.

Remove administrator rights from users.

Augment anti-virus with anti-ransomware; check out Kaspersky Watcher.
https://support.kaspersky.com/10905

Harden the machine by disabling SMB, but you need to make a risk assessment of whether your system is using any file shares. The current WannaCry outbreak exploits this to spread and infect other machines.

Keep the OS and all applications updated to the latest versions, especially those from Microsoft and Adobe. Use Reader and disable macros if possible.

Make sure you have a valid backup that is stored off the machine and that you are readily able to recover your data.

Importantly, there is user awareness of phishing emails with malicious URLs or attachments: even though you may have an anti-spam and anti-spoofing email gateway, your users are still the weakest link.
Also make sure you have an excellent spam filter and that users do not get or open email from strangers. This is how ransomware spreads.
Unless you have full, verified backups isolated from the main infrastructure, either physically or virtually, nothing else can guarantee full protection...
My personal advice is that it is better to have a month-old copy of the data than no data....
To expand on John Tsioumpris' sentiments:
Even with full backups you still run the risk of infection if you don't apply patches offline before coming back online.

The nature of the worm is to quickly detect and exploit a vulnerability.

Have a look at this white paper on dealing with worms by Cisco; I also believe this is backed up by NIST and the CISSP curriculum (more or less):
http://www.cisco.com/c/en/us/about/security-center/worm-mitigation-whitepaper.html
The full backup restore is only good once the threat has been eliminated.... this is common sense...
To add something irrelevant, I feel that we are just a step away from total annihilation... it's just a matter of time before ransomware developers decide/learn to move to the next level....
From a technical aspect, keep things patched and up to date (think of this as a great chance to tighten up your update policy), and evaluate using HIPS. Also be sure to check the perimeter and ensure that you don't have any unneeded ports open. Look at implementing multifactor authentication where feasible. Maintain on- and off-site backups. Systems that have no reason to access the internet: isolate them if possible.

Educate, educate, educate. User awareness is going to be one of your biggest lines of defense because so many things get introduced to a network because of either infected USB drives or phishing emails.
I would agree in general that education/training is an essential mitigating factor in most security issues.

I suspect that, as far as this issue goes, education would have been fairly ineffective due to the nature of the worm and the SMB vulnerability.

However, saying that, education about prevention may not have been effective, education about treatment may well have been good.

In this case the user was probably unlikely to agree to pay £250 for the ransom, however, it is important that the end-user doesn't try to tackle issues like this themselves.
Alkannetworks (asker):

Are there any recommended updates I should install on the servers?
Do ALL updates. Windows Updates, select all and let run.
Did you ever install the MS17-010 patches? They were first released as part of the March update for workstations and servers alike.
If you are referring to the WannaCry ransomware, you should immediately deploy Microsoft Security Bulletin MS17-010.
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
As well as updating the AV and IPS with the latest signatures; they will already have detection for this ransomware. See the further advisory:
https://www.us-cert.gov/ncas/alerts/TA17-132A
Otherwise, for general ransomware safeguards, it is those preventive measures suggested.
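As an added example (not from any of the posters above), the two WannaCry preconditions discussed in this thread, the MS17-010 fix being absent and SMBv1 being enabled, can be audited from PowerShell on the three server versions the asker runs. The KB identifiers are placeholders to be filled in from the MS17-010 bulletin for each OS; the registry path used for 2008 R2 and the SmbShare cmdlets used for 2012 R2 / 2016 are standard Windows ones.

```powershell
# Added example: audit a server for the WannaCry preconditions named in the
# thread (MS17-010 missing, SMBv1 enabled). Run elevated.
# PLACEHOLDERS: take the real KB numbers for each OS from the MS17-010 bulletin.
$Ms17010Kbs = @('KB<MS17-010-security-only-KB>', 'KB<MS17-010-monthly-rollup-KB>')

function Test-Ms17010Installed {
    param([string[]]$KbIds = $Ms17010Kbs)
    # Get-HotFix lists installed updates by HotFixID. A later cumulative rollup
    # can supersede these KBs, so treat "not found" as "verify manually".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1State {
    # 2012 R2 / 2016 expose the setting via the SmbShare module; 2008 R2 only
    # has the LanmanServer registry value (absent = SMBv1 enabled by default).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $val) { return $true }
    return [bool]$val
}

function Disable-Smb1 {
    # Only after the risk assessment btan describes: any client that still
    # needs SMBv1 (old NAS boxes, scanners, legacy hosts) will lose access.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
        # 2008 R2 needs the Server service restarted (or a reboot) to apply this.
    }
}

# Report only; uncomment the last line to enforce the SMBv1 change.
"MS17-010 hotfix present : $(Test-Ms17010Installed)"
"SMBv1 enabled           : $(Get-Smb1State)"
# if (Get-Smb1State) { Disable-Smb1 }
```

Run it on each server before and after patching; a server that reports the hotfix missing but is fully patched by a later rollup still needs a manual check of the rollup's contents.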
It has been mentioned by btan, but needs to be mentioned again: since on single servers the list of executables we would allow to run is small, anyone should definitely consider deploying AppLocker policies. AppLocker will stop any unknown executable.
I have also blocked regular users from executing anything in the temp space unless explicitly whitelisted... This helps stop web drive-bys.
Use something like this...  http://blogs.msmvps.com/bradley/2013/10/15/cryptolocker-prevention-kit/
Scott, why should we use blacklisting when whitelisting is much more effective? On servers, the danger of not whitelisting needed code is small, since the roles it has should be very clear.
Either one would work, but I had trouble with whitelisting not setting on all boxes... So I blacklisted with wildcards and whitelisted needed apps farther down the list...
Never had trouble with whitelisting. It makes less work in total.
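As an added example, not code from any poster in this thread, the allow-only AppLocker policy argued for above can be generated for a single-role server and rolled out in audit mode first, so that anything the inventory missed shows up in the event log instead of causing an outage. The `$RoleDirs` path is a placeholder for the server's real role binaries; the cmdlets are those of the built-in AppLocker module on Server 2012 R2 / 2016.

```powershell
# Added example: build an allow-only AppLocker policy for a single-role server
# and deploy it in audit mode. Run elevated. $RoleDirs is a PLACEHOLDER.
Import-Module AppLocker

$RoleDirs  = @('C:\Program Files\<role-application>')   # replace per server
$PolicyXml = "$env:TEMP\applocker-audit.xml"

# 1. Inventory what legitimately runs here: the OS plus the role's binaries.
$files = @(Get-AppLockerFileInformation -Directory 'C:\Windows' -Recurse -FileType Exe)
foreach ($dir in $RoleDirs) {
    if (Test-Path $dir) {
        $files += Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
}

# 2. Turn the inventory into allow rules. Publisher rules survive patching;
#    hash rules are the fallback for unsigned files. -Optimize merges rules.
$xml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix 'ServerRole' -Optimize -Xml

# 3. Switch the rule collection to audit mode before deploying: a missed binary
#    then logs event 8003 under AppLocker/EXE and DLL rather than being blocked.
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $PolicyXml -Value $xml -Encoding UTF8

# 4. Dry-run against executables in the temp area (what the blacklist above
#    targets); they must come back as DeniedByDefault, not Allowed.
$probe = Get-ChildItem -Path $env:TEMP -Filter *.exe -File -ErrorAction SilentlyContinue
if ($probe) {
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $probe.FullName -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 5. Apply (merged with any existing local policy) and make sure the
#    Application Identity service, which AppLocker depends on, is running.
Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
```

After a week of audit-mode 8003 events with no legitimate binaries listed, change `AuditOnly` to `Enabled` in the XML and re-run `Set-AppLockerPolicy` to enforce.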
WannaCry ransomware cyber attack: Here's how you can save your data: http://www.business-standard.com/article/current-affairs/wannacry-ransomware-cyber-attack-here-s-how-you-can-save-your-data-117051300508_1.html

Also get help from this earlier thread.

Hope this helps!
ASKER CERTIFIED SOLUTION
Kostas Kostas:
Thanks all
Many Thanks
Alkannetworks, did you know that you can select multiple answers? You should "reward" anyone that helped you and I doubt that this was only one expert.