15 May

Ransomware WannaCry – Why You Are at Risk
Over the weekend, a worldwide Ransomware infection spread quickly. The Ransomware is utilizing the recently disclosed vulnerabilities in Windows software that allow a remote unauthenticated attacker to install software on a computer. There have been widespread infections, as reported by CNN and various news sources. The attack utilizes the Microsoft vulnerability referenced in security bulletin MS17-010. A patch for the vulnerability has been available since March 2017. Systems that are patched cannot be infected using the vulnerability. However, other methods can still install Ransomware on a computer.
Unlike typical Ransomware infections, this attack is utilizing a propagation method that allows for quicker deployment with no user interaction. An infected computer on a local network can push the Ransomware to another computer on the local network as long as the remote computer is unpatched. Additionally, infected computers try to connect to the public Internet to infect additional systems.
Antivirus vendors are releasing definitions to stop the current strain of the Ransomware. However, if a computer was already infected, this will not recover the ransomed files. Additionally, the Ransomware uses a technique to avoid antivirus engines. A killswitch was identified for the current version of the attack and was implemented globally. The killswitch only works if the computer has Internet access at the time of the attack, and it may not work if the user is using a proxy.
Security researchers expect the Ransomware to be modified, or new variants and attacks to utilize the same Windows vulnerability. If it is modified, the antivirus mitigations and the killswitch may no longer be effective.
At the beginning of this infection, Microsoft’s unsupported Operating Systems did not have a patch available. Microsoft has decided to release patches for unsupported Operating Systems in order to mitigate this infection. Microsoft’s unsupported Operating Systems are Windows XP, Windows 2003 and Windows 8. However, the patches appear to require manual installation and will not be delivered through automatic Microsoft methods. Earlier versions of Microsoft Operating Systems, such as Windows NT 4 and Windows 2000, may also be affected, but no patch has been offered for such versions.
Customers of Aware’s MSP – RMM service were patched over the last few months if the operating environment allowed patching. Aware will also be patching MSP – RMM customers with unsupported Operating Systems manually.
Customers of Aware’s MA Support Services will be contacted and patching assistance will be provided as part of the MA agreement.
CNN news story, http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
Microsoft related patch articles, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx#KBArticle and https://support.microsoft.com/en-us/help/4013389/title
Antivirus vendor write-up, https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
Microsoft decides to release patches for unsupported Operating Systems, https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
CERT release, https://www.us-cert.gov/ncas/alerts/TA17-132A