WannaCry, which started last Friday (12 May 2017) to sweep around the globe and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other companies in countries worldwide. It is also called WannaCrypt.
WannaCry spreads across local networks and the Internet to systems that have not received recent security updates, directly infecting any exposed system. To do so it uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA), which had been released by The Shadow Brokers two months earlier. Microsoft had issued a “critical” patch on 14 March 2017 to remove the underlying vulnerability from supported systems, nearly two months before the attack, but many organizations had not yet applied it. Those still running exposed older, unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particular risk, but the day after the outbreak Microsoft took the unusual step of releasing updates for these operating systems too.
Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection; however, new versions have since been detected that lack the kill switch. According to reports from official news agencies, the cyber attack had slowed down drastically by 19 May 2017.
You can follow who is affected by opening this link to the tracking map created by MalwareTech.
To avoid infection, if you’re running a Windows OS, make sure all your software is up to date. In addition, as always, do not open suspicious emails, click on links you don’t know, or open any files you weren’t expecting. As noted above, Microsoft released a software update in March that protects against this vulnerability, but we’ve since learned that many people didn’t update their computers. The WannaCry virus does not affect Mac, iPhone or Android devices.
Decryption of encrypted files is not possible at present but researchers continue to investigate the possibility. If you have backup copies of affected files, you may be able to restore them.
In some cases, files may be recovered without backups. Files saved on the Desktop, in My Documents, or on a removable drive are encrypted and their original copies are wiped; these are not recoverable. Files stored elsewhere on the computer are encrypted and their original copies are simply deleted, which means they could be recovered using an undelete tool.
HOW TO AVOID RANSOMWARE?
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored off-line so that attackers can’t delete them.
For those persons or organizations who have not yet applied the security update, we suggest you deploy it immediately. You can find important information and the security updates at the links below:
Microsoft Security Bulletin MS17-010 – Critical Updates
How to verify that MS17-010 is installed
Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
How to enable and disable SMB in Windows and Windows Server & GPO deployment
Applying MS17-010 using Microsoft Intune
ConfigMgr SQL queries for reporting on KBs related to MS17-010
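As an added example (not from the original post or from Microsoft’s own guidance), here is a PowerShell check an administrator can run on a Windows host to see whether an MS17-010 hotfix is installed and whether SMBv1, the protocol EternalBlue abuses, is still enabled. The KB identifiers are a placeholder to be filled in from the MS17-010 bulletin linked above, and the LanmanServer registry value is the one Microsoft’s SMB guidance uses for Windows 7 / Server 2008 R2, where Get-SmbServerConfiguration is not available.

```powershell
# Added example, not part of the original post. Run in an elevated PowerShell session.
# $Ms17010Kbs is a placeholder list: copy the KB numbers for your OS version from the
# MS17-010 bulletin, since the hotfix id differs per Windows version.
param(
    [string[]]$Ms17010Kbs = @('KB<id-from-MS17-010-bulletin>')
)

function Test-Ms17010Installed {
    param([string[]]$Kbs)
    # Get-HotFix lists installed updates; a match on any expected KB id means the patch is present.
    $found = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Kbs -contains $_.HotFixID }
    return [bool]$found
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the SMB server settings as a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems (Windows 7 / Server 2008 R2): SMBv1 is controlled by the LanmanServer
    # "SMB1" registry value. A missing value or 1 means enabled; 0 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

if (Test-Ms17010Installed -Kbs $Ms17010Kbs) {
    Write-Output 'MS17-010: an expected hotfix is installed.'
} else {
    Write-Output 'MS17-010: no expected hotfix found. Install the update before this host is reachable over SMB.'
}

if (Get-Smb1Enabled) {
    Write-Output 'SMBv1 is ENABLED. Disable it with:'
    Write-Output '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    Write-Output '  (Windows 7 / 2008 R2: set the SMB1 registry value above to 0 and reboot)'
} else {
    Write-Output 'SMBv1 is disabled.'
}
```

Run it on each host before re-exposing it to SMB traffic; a host that reports both a missing hotfix and SMBv1 enabled is exactly the case WannaCry spreads to.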
John
actual topic
Thanks.
AsimA
Thanks.
zvodret iluret
I have not checked in here for a while because I thought it was getting boring, but the last several posts are good quality so I guess I will add you back to my everyday bloglist. You deserve it my friend 🙂
Suzette Yauck
I believe this internet site has got some very good information for everyone : D.
DMC5
Way cool! Some extremely valid points! I appreciate you writing this post and also the rest of the site is also very good.