Monday, 15 May 2017
As we start Monday, organizations are likely having the same conversation after hearing about a major Ransomware attack over the weekend. What happened? What is WannaCry? Are we exposed?
The WannaCry ransomware has exposed an ugly truth about IT security: the basics get ignored, whether by putting off important updates or by not wanting to spend money on anti-virus protection.
So, what happened?
The WannaCry ransomware is a type of malicious software that blocks access to a computer or its files, demanding money to unlock the files. Friday’s attack encrypted more than 200,000 computers in more than 150 countries, demanding a payment of $300. Researchers say payments won't help, as there is no way to actually track who has paid the ransom, and the decryption process requires personal interaction with the attackers. It's best to assume the files are lost unless there is a backup.
Making things worse, in addition to leveraging an exploit stolen from the NSA, Friday's attacks also included the installation of another stolen NSA tool – Double Pulsar – which leaves infected systems encrypted and exposed to remote attacks.
Warning for Monday: If you turn on a system that lacks the MS17-010 patch and has TCP port 445 open, your system can be ransomwared.
At the time of writing this, they have collected $53,453.58 USD in payments since Friday.
The three bitcoin wallets tied to #WannaCry ransomware have received 194 payments totaling 31.38971127 BTC ($53,453.58 USD).— actual ransom (@actual_ransom) May 15, 2017
Updates, patches, anti-virus and blame
Microsoft had released updates to patch the NSA exploits targeting SMB in March. However, these updates were for Windows Vista, Windows 7, Windows 8.1, and Windows 10, along with Windows Server 2008-2016. It was late Friday that Microsoft released patches for Windows XP and Server 2003. A solid paid anti-virus that blocks ransomware would also have worked in preventing the spread.
Patching isn't a silver bullet
Many organizations like the NHS rely on Windows XP, which was discontinued from Microsoft's update cycle last year. Patching these systems is not always an option, as they may be relying on expensive medical devices that use software not compatible with the latest version of Windows.
The silver lining
Most anti-virus vendors and endpoint protection vendors will detect Friday's variant of WannaCrypt, so new infections should be easier to flag. However, this doesn't mean the worst is over. Additional attacks are expected, which is why patching, disabling SMBv1, backups and paid anti-virus are so vital.
The WannaCry ransomware had slowed by late Friday, partly due to a researcher who discovered the kill switch. All he had to do was register a domain: if the domain responds, WannaCry doesn't spread. Another variation on Sunday was stopped using a similar domain.
Kill Switch from Friday:
Kill Switch from Sunday:
My real life friends don't know about my blog/twitter/job, etc... So today is going to be interesting.— MalwareTech (@MalwareTechBlog) May 14, 2017
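The kill switch also gives defenders a triage signal: an internal host that looks up a kill-switch domain is a candidate for investigation, and one whose lookups never resolve cannot reach the domain that stops the spread. The Python sketch below is an added example, not part of the original post; the log format, the sample lines and the placeholder domains (the real ones are not reproduced on this page) are constructed.

```python
import re

# Placeholders (assumption): substitute the real kill-switch domains.
KILL_SWITCH_DOMAINS = {"killswitch-friday.example", "killswitch-sunday.example"}

# Constructed log format: "<ISO time> client=<ip> query=<name> rcode=<RCODE>"
LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")

# Constructed sample DNS resolver log, not real traffic.
SAMPLE_LOG = """\
2017-05-15T08:01:12Z client=10.0.4.17 query=www.example.org rcode=NOERROR
2017-05-15T08:01:40Z client=10.0.4.23 query=killswitch-friday.example. rcode=NOERROR
2017-05-15T08:02:05Z client=10.0.7.9 query=KillSwitch-Sunday.example rcode=NXDOMAIN
2017-05-15T08:02:06Z client=10.0.7.9 query=killswitch-sunday.example rcode=SERVFAIL
2017-05-15T08:03:30Z client=10.0.4.23 query=killswitch-friday.example rcode=NOERROR
malformed line that the parser must skip
2017-05-15T08:04:00Z client=10.0.9.2 query=notkillswitch-friday.example rcode=NOERROR
"""

def triage(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: {first_seen, lookups, status}} for hosts that
    queried a kill-switch domain."""
    wanted = {d.lower().rstrip(".") for d in domains}
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the log format
        ts, client, query, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing dot.
        if query.lower().rstrip(".") not in wanted:
            continue
        h = hosts.setdefault(client, {"first_seen": ts, "lookups": 0, "resolved": False})
        h["lookups"] += 1
        h["first_seen"] = min(h["first_seen"], ts)
        h["resolved"] |= rcode.upper() == "NOERROR"
    for h in hosts.values():
        # No successful resolution: the kill switch cannot answer this host,
        # so it may still be spreading and should be isolated first.
        h["status"] = ("suspect-kill-switch-reachable" if h.pop("resolved")
                       else "suspect-may-be-spreading")
    return hosts

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, info)
```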
Remember, payment won't recover the encrypted files. If backups aren't an option, you'll have to restore the system and keep the infected hard drive in the hope that a decryption tool becomes available in the weeks or months ahead.
Please ensure you update your system and have solid paid anti-virus. We recommend MalwareBytes Anti-Exploit ($49.95) and ESET Internet Security ($59.95).