15 May Ransomware WannaCry – Why You Are at Risk
Over the weekend, a worldwide Ransomware infection spread quickly. The Ransomware is utilizing the recently disclosed vulnerabilities in Windows software that allows a remote unauthenticated attacker to install software on a computer. There have been widespread infections as reported by CNN and various news sources. The attack utilizes the Microsoft vulnerability referenced in security bulletin MS17-010. The vulnerability does have a patch available since March 2017. Systems that are patched cannot be infected using the vulnerability. However, other methods can still install Ransomware on a computer.
Unlike typical Ransomware infections, this attack is utilizing a propagation method that allows for quicker deployment with no user interaction. An infected computer on a local network can push the Ransomware to another computer on the local network as long as the remote computer is unpatched. Additionally, infected computers try to connect to the public Internet to infect additional systems.
Antivirus vendors are releasing definitions to stop the current strain of the Ransomware. However, if a computer was already infected this will not recover the ransomed files. Additionally, the Ransomware uses a technique to avoid antivirus engines. A killswitch was identified for the current version of the attack and was implemented globally. The killswitch only works if the computer has Internet access during the time of the attack and if the user is using a proxy the killswitch may not work.
Security researchers expect the Ransomware to be modified or for new variants and attacks to utilize the same Windows vulnerability. If modified the antivirus mitigations and the killswitch may no longer be effective.
At the beginning of this infection, Microsoft’s unsupported Operating Systems did not have a patch available. Microsoft has decided to release patches for unsupported Operating Systems in order to mitigate this infection. Microsoft’s unsupported Operating Systems are Windows XP, Windows 2003 and Windows 8. However, the patches appear to require manual installation and will not be delivered through automatic Microsoft methods. Earlier versions of Microsoft Operating Systems may also be affected but no patch has been offered for such versions. Examples are Windows NT 4 and Windows 2000.
Customers of Aware’s MSP – RMM service were patched over the last few months if the operating environment allowed patching. Aware will also be patching MSP – RMM customers with unsupported Operating Systems manually.
Customers of Aware’s MA Support Services will be contacted and patching assistance will be provided as part of the MA agreement.
Related links.
CNN news story, http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
Microsoft related patch articles, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx#KBArticle and https://support.microsoft.com/en-us/help/4013389/title
Antivirus vendor write-up, https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
Microsoft decides to release patches for unsupported Operating Systems, https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
CERT release, https://www.us-cert.gov/ncas/alerts/TA17-132A
- Harnessing Microsoft 365 Copilot for Educational Excellence - March 21, 2024
- How Can Microsoft Copilot Help Human Resources Staff? - March 20, 2024
- Microsoft Copilot for Human Resources - March 20, 2024
- The Business Benefits of Microsoft Copilot for Marketing Professionals - February 19, 2024
- The key business benefits of Microsoft Copilot - February 19, 2024
- How To Increase Your Employee’s Productivity with Copilot for Microsoft 365 Word - February 16, 2024
- Transform with AI – Journey with Aware - November 20, 2023
- What is Edge Computing? Advantages and Disadvantages: - May 20, 2022
- SAP Business One Vs Microsoft Dynamics 365 - November 12, 2021
- SAP Business One in Manufacturing - November 4, 2021