Worldwide ransomware attack, WCry

An outbreak of the WCry (also known as WannaCry/WanaCrypt0r) ransomware began to be reported May 12, 2017. The attack was worldwide and deemed by some as “the biggest ransomware outbreak in history.”

The goal of the attack, like all ransomware, is to encrypt computer files making them unavailable to the computer user. A payment is required to get the key which unlocks the files.

The ransomware was discovered in early February 2017, but was recently updated and began spreading quickly. It is delivered via a phishing email. When downloaded it exploits an SMB vulnerability (Small Message Block is a file sharing protocol used by Windows operating systems). The vulnerability was addressed in March 2017 by Microsoft Security Bulletin MS17-010. WCry will use unpatched SMB to spread payloads to vulnerable machines on the same network and to randomly choose IP addresses on external networks.

If Windows systems are patched, in accordance with MS17-010, the SMB vulnerability is resolved and the systems are not vulnerable. 

CoNetrix Technology customers with Network Advantage managed service agreements were automatically updated in March 2017 when this patch was initially released.

CoNetrix recommends that all customers verify this update is installed as soon as possible.

 

IT Security Alerts