Ransomware Wreaking Havoc – WannaCry

What about it:

On Friday, May 12th, 2017, ransomware called WannaCry began infecting machines and spreading between them. The worldwide ransomware cyber attack wreaked havoc in hospitals, schools and offices across the globe over the weekend. Asia reported thousands of new cases but no large-scale breakdowns.

This ransomware supports 28 different languages, encrypts 179 different types of files and requires victims to pay a ransom ($300-$600) in bitcoin to regain control of their machines.

The full extent of the damage from the cyber attack, felt in 150 countries, was unclear and could worsen if more malicious variations of the online extortion scheme appear.

The initial attack paralyzed computers running Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies around the world.

As a loose global network of cyber security experts fought the ransomware, the attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia’s Interior Ministry and companies including Spain’s Telefonica and FedEx Corp. in the U.S.

It is believed the ransomware used an SMB vulnerability patched by Microsoft (MS17-010) in March. A public exploit for this vulnerability had been released in April by a group dubbed ShadowBrokers. This vulnerability is believed to have been used by the NSA to take over their targets, including the backbone of financial institutions in the Middle East.

What to do:

APPLY NOW the emergency updates released by Microsoft!

If you are using unsupported versions of Windows such as XP and Vista, you are in big trouble and should hold a crisis meeting now. This is going to be a very long week for a lot of companies around the world.

It has been reported/rumored that the initial attack vector (pre-SMB) is file attachments sent over email. Make sure to tell your employees not to open suspicious documents.

Call your IT support team with any questions or concerns, or for help getting the patch installed on your machine.

On-Site Computing (219) 663-7483