15 May Ransomware WannaCry – Why You Are at Risk
Over the weekend, a worldwide Ransomware infection spread quickly. The Ransomware is utilizing the recently disclosed vulnerabilities in Windows software that allows a remote unauthenticated attacker to install software on a computer. There have been widespread infections as reported by CNN and various news sources. The attack utilizes the Microsoft vulnerability referenced in security bulletin MS17-010. The vulnerability does have a patch available since March 2017. Systems that are patched cannot be infected using the vulnerability. However, other methods can still install Ransomware on a computer.
Unlike typical Ransomware infections, this attack is utilizing a propagation method that allows for quicker deployment with no user interaction. An infected computer on a local network can push the Ransomware to another computer on the local network as long as the remote computer is unpatched. Additionally, infected computers try to connect to the public Internet to infect additional systems.
Antivirus vendors are releasing definitions to stop the current strain of the Ransomware. However, if a computer was already infected this will not recover the ransomed files. Additionally, the Ransomware uses a technique to avoid antivirus engines. A killswitch was identified for the current version of the attack and was implemented globally. The killswitch only works if the computer has Internet access during the time of the attack and if the user is using a proxy the killswitch may not work.
Security researchers expect the Ransomware to be modified or for new variants and attacks to utilize the same Windows vulnerability. If modified the antivirus mitigations and the killswitch may no longer be effective.
At the beginning of this infection, Microsoft’s unsupported Operating Systems did not have a patch available. Microsoft has decided to release patches for unsupported Operating Systems in order to mitigate this infection. Microsoft’s unsupported Operating Systems are Windows XP, Windows 2003 and Windows 8. However, the patches appear to require manual installation and will not be delivered through automatic Microsoft methods. Earlier versions of Microsoft Operating Systems may also be affected but no patch has been offered for such versions. Examples are Windows NT 4 and Windows 2000.
Customers of Aware’s MSP – RMM service were patched over the last few months if the operating environment allowed patching. Aware will also be patching MSP – RMM customers with unsupported Operating Systems manually.
Customers of Aware’s MA Support Services will be contacted and patching assistance will be provided as part of the MA agreement.
CNN news story, http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
Microsoft related patch articles, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx#KBArticle and https://support.microsoft.com/en-us/help/4013389/title
Antivirus vendor write-up, https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
Microsoft decides to release patches for unsupported Operating Systems, https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
CERT release, https://www.us-cert.gov/ncas/alerts/TA17-132A
- Magento vs WordPress | What’s Best for your Business – Pros & Cons - August 22, 2019
- What is the best platform for eCommerce Websites? Shopify, Magento, or WordPress? - July 23, 2019
- What should I do, I have received a letter requesting a BSA software audit? - July 15, 2019
- What is the BSA Software Alliance? - July 15, 2019
- Benefits of Office 365 for Business – What plan is for you? - June 21, 2019
- Office 365 Business Premium vs Essentials: - June 20, 2019
- Office 365 Business Premium vs Business (Standard): - June 20, 2019
- Office 365 Business Premium vs E5, E3, E1 & Pro Plus - June 18, 2019
- What is Microsoft Office 365 Business Premium? Plans & Pricing - June 13, 2019
- The 5 Ways We Build White Hat SEO Backlinks (with Examples) – B2B Corporate Marketing - May 3, 2019