15 May Ransomware WannaCry – Why You Are at Risk
Over the weekend, a worldwide Ransomware infection spread quickly. The Ransomware is utilizing the recently disclosed vulnerabilities in Windows software that allows a remote unauthenticated attacker to install software on a computer. There have been widespread infections as reported by CNN and various news sources. The attack utilizes the Microsoft vulnerability referenced in security bulletin MS17-010. The vulnerability does have a patch available since March 2017. Systems that are patched cannot be infected using the vulnerability. However, other methods can still install Ransomware on a computer.
Unlike typical Ransomware infections, this attack is utilizing a propagation method that allows for quicker deployment with no user interaction. An infected computer on a local network can push the Ransomware to another computer on the local network as long as the remote computer is unpatched. Additionally, infected computers try to connect to the public Internet to infect additional systems.
Antivirus vendors are releasing definitions to stop the current strain of the Ransomware. However, if a computer was already infected this will not recover the ransomed files. Additionally, the Ransomware uses a technique to avoid antivirus engines. A killswitch was identified for the current version of the attack and was implemented globally. The killswitch only works if the computer has Internet access during the time of the attack and if the user is using a proxy the killswitch may not work.
Security researchers expect the Ransomware to be modified or for new variants and attacks to utilize the same Windows vulnerability. If modified the antivirus mitigations and the killswitch may no longer be effective.
At the beginning of this infection, Microsoft’s unsupported Operating Systems did not have a patch available. Microsoft has decided to release patches for unsupported Operating Systems in order to mitigate this infection. Microsoft’s unsupported Operating Systems are Windows XP, Windows 2003 and Windows 8. However, the patches appear to require manual installation and will not be delivered through automatic Microsoft methods. Earlier versions of Microsoft Operating Systems may also be affected but no patch has been offered for such versions. Examples are Windows NT 4 and Windows 2000.
Customers of Aware’s MSP – RMM service were patched over the last few months if the operating environment allowed patching. Aware will also be patching MSP – RMM customers with unsupported Operating Systems manually.
Customers of Aware’s MA Support Services will be contacted and patching assistance will be provided as part of the MA agreement.
Microsoft related patch articles, //technet.microsoft.com/en-us/library/security/ms17-010.aspx#KBArticle and //support.microsoft.com/en-us/help/4013389/title
Antivirus vendor write-up, //www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
Microsoft decides to release patches for unsupported Operating Systems, //blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
CERT release, //www.us-cert.gov/ncas/alerts/TA17-132A
- What is Microsoft Office 365 Business Premium? Plans & Pricing - June 13, 2019
- The 5 Ways We Build White Hat SEO Backlinks (with Examples) – B2B Corporate Marketing - May 3, 2019
- What makes Google Mobile Advertising so powerful? - January 30, 2019
- Protected: The Face Off: G Suite vs Office 365 – Who Battles to Business Victory? - January 9, 2019
- Thailand’s Great Cybersecurity Push - December 11, 2018
- Financial Services: IT Security & Cyber Protection in Banks from Malware and More - October 26, 2018
- Powering Thailand 4.0 - October 22, 2018
- Meet Gozi: The Number 1 Financial Malware - October 19, 2018
- Meet the Gazorp Malware Builder - October 18, 2018
- What is Artificial Intelligence: Machine & Deep Learning - September 7, 2018