If you’ve looked at any news site in the last few days you’ve seen reports of a worldwide cyberattack of an unprecedented scale that’s been dubbed “Wannacry” or “Wanna Decryptor”.
Here is what you need to know about the Wannacry Ransomware Cyberattack now:
- The malware is of the Ransomware type, which means that it will encrypt all or most of the data on affected systems, rendering the system unusable. A ransom in bitcoins is demanded via a splash screen on the affected computer.
- We have seen no evidence, as of the time of writing this post, that data is also being stolen as part of the cyberattack, though that possibility may exist in the future.
- The malware has “worm” functionality, which means that you don’t have to click on a link or download a file to be infected. The malware, once it is on a network, will travel across that network automatically to infect vulnerable machines that are attached to that network, similar to an airborne virus.
- The malware currently affects only machines using the Windows operating system. It has only been found to affect versions of Windows prior to Windows 10.
- Microsoft issued a patch, MS17-010, for the vulnerability on March 14th, 2017.
- Microsoft also just issued patches for Windows XP and Windows Server 2003 (which are at end of life, which means Microsoft no longer supports them).
- According to Microsoft, blocking the malware's callback to a domain it is programmed to call, at either the ISP or the enterprise network level, causes the ransomware to continue spreading and encrypting files.
- Microsoft also added new protections on Friday to protect against WannaCry. Anyone running Microsoft’s antivirus software with Windows updates enabled should be protected, according to a Microsoft spokesperson.
- According to various sources (including the anti-virus vendors Kaspersky and Avast Software), as of Friday, May 12th, the malware had hit over 45,000, and as many as 57,000, computers worldwide.
- According to Kaspersky, over 74 countries were hit, including the U.S., Russia, Spain, Ukraine, Taiwan, the U.K., and Brazil, among many others.
- There is little data as of the time of writing this on whether payment will result in decryption and restoration of an affected user’s data. Splash screens on affected systems have been asking for $300 in bitcoin from compromised machines.
What can you do about the Wannacry Ransomware Cyberattack?
- Immediately patch all of your Microsoft operating systems. The patch can be found here.
- If possible, upgrade to Windows 10.
- If it is not possible to apply the patch or upgrade to Windows 10, Microsoft’s Knowledge Base Article 2696547 provides a temporary fix that involves disabling SMBv1.
- Add a rule to your perimeter routers and firewalls to block incoming SMB traffic on port 445.
- Update all of your antivirus systems and profiles.
- Enable Windows Defender Antivirus. Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.
- Ensure that your backups are current and completed daily, and that your backup data files are kept on an air-gapped system or one otherwise separated from your operational networks. This prevents the malware from encrypting your backup files along with your operating files.
- Stay abreast of the latest updates on the malware. Often after an initial attack opportunists will morph the malware to bypass defenses or use it in alternate ways to cause more damage or to steal data. Follow our blog for the latest updates at http://blog.sentekglobal.com, or on Twitter at @sentekglobal.