Overview
Organizations around the world have been infected by a huge ransomware campaign dubbed “WannaCry” or “WanaCrypt0r 2.0”. More than 45,000 attacks in 74 countries have been recorded, and that number is still growing. The attack encrypts all files on infected computer systems, leaving the computers locked up and unusable.
Affected Industries: All Industries
Details
The attack appears to use a Windows exploit called “EternalBlue”, a hacking tool that was allegedly developed and used by the NSA before being released to the public by the hacker group “Shadow Brokers”. Microsoft released a patch for the vulnerability on March 14th, 2017. Once a computer is infected, all files are encrypted and a message is displayed demanding that approximately $300 in Bitcoin be paid within 6 hours, after which the ransom will increase. The ransomware then spreads through the internal network to other vulnerable computers using EternalBlue, which exploits a flaw in Microsoft’s Server Message Block 1.0 (SMBv1) protocol.
Severity: CRITICAL
Recommended Remediation
It is imperative that Microsoft patch MS17-010 be applied, as this mitigates the vulnerability through which the infection is spreading. In addition, maintain up-to-date backups of all critical servers/workstations to limit the fallout of a successful attack. Lastly, because a majority of ransomware attacks are spread by e-mail attachments, ensure that users are vigilant and do not open suspicious e-mail attachments or links.
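A read-only PowerShell check that can be run from an elevated prompt on a Windows host to triage it against this advisory, added here as an example and not part of the original advisory. It reports whether the SMBv1 server is enabled and whether any update has been installed since the patch release date; the function names and priority labels are illustrative, and the update-date test is a heuristic, not proof that MS17-010 is present.

```powershell
# Added example: read-only audit of the local host; it changes no settings.
$PatchReleased = [datetime]'2017-03-14'   # MS17-010 release date stated in this advisory

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later: the SmbShare module reports the setting.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: SMB1 registry value; absent or non-zero means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Get-LatestUpdateDate {
    # Get-HotFix lists installed updates; InstalledOn can be empty, so filter it.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
}

$smb1   = Get-Smb1ServerState
$latest = Get-LatestUpdateDate

# Heuristic: no update on or after the release date means the patch is likely missing.
$stale = (-not $latest) -or ($latest -lt $PatchReleased)

# Illustrative triage labels (assumption, not from the advisory).
$priority = if ($smb1 -and $stale) { 'Patch immediately' }
            elseif ($stale)        { 'Patch' }
            else                   { 'Confirm MS17-010 in update history' }

[pscustomobject]@{
    Computer                  = $env:COMPUTERNAME
    Smb1ServerEnabled         = $smb1
    LatestUpdateInstalled     = $latest
    NoUpdateSincePatchRelease = $stale
    Priority                  = $priority
}
```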