<div>
Also read the post on the Microsoft Security Response Center blog - <a href="https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/" rel="ugc">Customer Guidance for WannaCrypt attacks</a><br />
<br />
Worth reading this thread i.e. <a href="https://social.technet.microsoft.com/Forums/en-US/45ce0ae2-18ee-48dc-98e8-362d1744aa45/wannacry-attack?forum=securityupdateguide" rel="ugc nofollow">WannaCry Attack</a>
</div>


Also read the post on the Microsoft Security Response Center blog - Customer Guidance for WannaCrypt attacks [https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/]

Worth reading this thread i.e. WannaCry Attack [https://social.technet.microsoft.com/Forums/en-US/45ce0ae2-18ee-48dc-98e8-362d1744aa45/wannacry-attack?forum=securityupdateguide]

<div>
Manual blocking is good as long as you're using it to supplement blacklists. However, if you're depending solely on manual blocks, then you have a problem.<br />
<br />
Here's a FireEye article that will give you some of the details you're interested in: <a href="https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html" rel="ugc">https://www.fireeye.com/bl<wbr />og/product<wbr />s-and-serv<wbr />ices/2017/<wbr />05/wannacr<wbr />y-ransomwa<wbr />re-campaig<wbr />n.html</a>
</div>


Manual blocking is good as long as you're using it to supplement blacklists. However, if you're depending solely on manual blocks, then you have a problem.

Here's a FireEye article that will give you some of the details you're interested in: https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html [https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html]

<div>
<div class="content wysiwyg-content">
Is there such a list of IP or smtp domains (doesn't have to be up to the hour up-to-date) list so<br />
that we can block at our smtp?<br />
<br />
Blocking by firewalls is not good as the emails will still come in
</div>
</div>


Is there such a list of IP or smtp domains (doesn't have to be up to the hour up-to-date) list so
that we can block at our smtp?

Blocking by firewalls is not good as the emails will still come in

List of malicious sources of Wanna Cry smtp

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security refers to the protection of personal or organizational information or information resources from unauthorized access, attacks, theft, or data damage. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Cyber Security

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Network Analysis

Interactions between email servers and clients are governed by email protocols. The three most common email protocols are POP, IMAP and MAPI. Most email software operates under one of these (and many products support more than one).  The correct protocol must be selected, and correctly configured, if you want your email account to work.

Email Protocols

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.