By now, I’m sure you’re aware of the WannaCry ransomware strain (also known as WanaCrypt0r and Wcry), which broke out over this past weekend. It currently spreads by exploiting a vulnerability in the Windows implementation of the SMB protocol, and has infected networks in 150 countries worldwide.
A lot has happened in a short amount of time, so we want to make sure you have the most current information and a better understanding of how to protect your network. Here goes:
- First and foremost: Patch your systems. Although the exploit(s) used to distribute this ransomware are new (at least new to the public), the vulnerability is not, and Microsoft released a patch back in March (see the link below to Microsoft’s original post). The exploit takes advantage of SMBv1, so make sure all your Microsoft systems are patched, up to date, and using a more modern version of SMB.
- If you’re a Sentinel customer, Sentinels have measures in place to stop and alert on this exploit and on other related exploits from the Shadow Brokers’ release of alleged NSA tools a few weeks ago. If you are looking for these alerts on your Sentinel, search your Activity page for the terms ‘ETERNAL’ or ‘Shadow Broker’. Of course, we are currently contacting customers who appear to be affected.
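For the first item above, one way to check whether a host still accepts SMBv1 connections, and to turn the SMBv1 server off, is sketched below. This is an added example, not code from the original post or from Microsoft; the function names `Get-Smb1ServerState` and `Disable-Smb1Server` are hypothetical, and it covers only the SMB server side. Disabling SMBv1 complements the March patch and does not replace it.

```powershell
# Added example: audit and disable the SMBv1 server on the local host.
# Run from an elevated PowerShell prompt.
$Smb1RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    $source = 'Registry'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
        $source  = 'Get-SmbServerConfiguration'
        $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: the SMB1 registry value is absent by
        # default, and absent means the SMBv1 server is enabled.
        $value   = (Get-ItemProperty -Path $Smb1RegPath -Name SMB1 `
                        -ErrorAction SilentlyContinue).SMB1
        $enabled = ($null -eq $value) -or ($value -ne 0)
    }
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        OSVersion    = [Environment]::OSVersion.Version.ToString()
        Source       = $source
        Smb1Enabled  = $enabled
    }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) {
        return
    }
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # On older systems the registry change applies after a restart.
        Set-ItemProperty -Path $Smb1RegPath -Name SMB1 -Type DWord -Value 0
        Write-Warning 'Restart required for the SMB1 registry change to apply.'
    }
    Get-Smb1ServerState
}

# Usage:
#   Get-Smb1ServerState          # report only, changes nothing
#   Disable-Smb1Server -WhatIf   # show what would change
#   Disable-Smb1Server           # apply the change
```

Check for legacy devices or applications that still depend on SMBv1 before applying the change broadly.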
Here are some good resources for more information on the issue:
- US-CERT’s bulletin on the issue: https://www.us-cert.gov/ncas/alerts/TA17-132A
- Microsoft’s original post on the SMB vulnerability: https://technet.microsoft.com/library/security/MS17-010
- Did you hear about the guy that shut down the ransomware (almost by accident) over the weekend? Here’s his story: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
- One of the original stories from last Friday: https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/
- Good ol’ Wikipedia: Contributors are doing a great job of keeping this page current with up-to-the-minute updates: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
We hope you found this update useful. Remember, layered security is always your best protection against nefarious attacks.