As many have already heard, a massive ransomware attack recently began to spread globally at an unprecedented rate. As of now, some 99 countries have been hit with the WannaCry ransomware. This attack sought out certain organizations and institutions throughout the world, with most of the targets located in Russia, Ukraine and Taiwan. However, it quickly made its way throughout Europe and the rest of the Far East. Now it is knocking on our door.
The initial attack vector has been email, through spam. These messages are typically fake invoices, job offers and other lures sent to random email addresses. Each email carries a .zip attachment; once it is opened, the WannaCry infection begins.
The attack then spreads from machine to machine on internal networks by exploiting SMB (Server Message Block, a network file sharing protocol) with the exploit known as EternalBlue. The ransomware files are dropped by a worm that abuses SMB. Other aspects of the malware leverage file-less exploitation techniques, and the malware is morphing rapidly in the wild, with over a dozen variants seen thus far.
Make sure to be vigilant about your emails and let your staff know that personal emails should not be opened at the business location.
Patch management: The vulnerabilities exploited by this ransomware have had patches available for over two weeks, and yet many systems on the internet (and many more in local networks) remain vulnerable. Keep ALL your systems (not just servers) up to date with the latest patches. Your operating systems and browsers will largely take care of themselves through automatic updates, although you still need to monitor them to confirm the updates actually installed.
Antivirus/Anti-malware: these programs are detecting the new ransomware, but like anything else they need to be kept updated, and you still need to take precautions. Antivirus is not a 100% catch-all.
Train your staff and take precautions to avoid contracting this new ransomware. Feel free to contact our staff at Pinnacle Hospitality Services if you have any questions.
For information on how to mitigate this vulnerability, users and administrators are encouraged to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010.
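As a practical follow-up to the patching and SMBv1 guidance above, here is an added audit script (not part of the original post and not a Pinnacle tool) that reports whether a Windows host still has SMBv1 enabled and whether the MS17-010 hotfixes are installed. It assumes an elevated PowerShell on Windows 8/Server 2012 or newer, and the KB list is a placeholder you must fill in from the MS17-010 bulletin for your OS version.

```powershell
# Added example: audit one Windows host for SMBv1 exposure and MS17-010 patch state.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or newer.
[CmdletBinding()]
param(
    # Placeholder: supply the KB ids that MS17-010 lists for THIS OS version.
    [string[]]$Ms17010Kbs = @(),
    # When set, turns the SMBv1 server protocol off (US-CERT's recommended mitigation).
    [switch]$Disable
)

$report = [ordered]@{}

# 1. SMBv1 server component: this is what EternalBlue targets over TCP/445.
$smb = Get-SmbServerConfiguration
$report['SMB1ServerEnabled'] = $smb.EnableSMB1Protocol

# 2. SMBv1 client driver (mrxsmb10): Start=4 means disabled. Read it from the
#    registry because Get-Service does not enumerate kernel drivers.
$mrxKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
$mrx = Get-ItemProperty -Path $mrxKey -Name Start -ErrorAction SilentlyContinue
$report['SMB1ClientDriverStart'] = if ($mrx) { $mrx.Start } else { 'NotPresent' }

# 3. Which of the supplied MS17-010 hotfixes are actually installed?
$installed = @()
if ($Ms17010Kbs.Count -gt 0) {
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
}
$report['MS17010Installed'] = if ($installed) { $installed -join ',' } else { 'none of the supplied KBs' }

# 4. Is anything listening on TCP/445 at all? (A host that does not listen
#    cannot be reached by the worm; most workstations do not need to.)
$listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report['Port445Listening'] = [bool]$listening

[pscustomobject]$report | Format-List

if ($Disable -and $smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled; reboot to ensure the change is fully applied.'
}
```

Run it on each host as `.\Audit-Smb1.ps1 -Ms17010Kbs KBxxxxxxx,KByyyyyyy`; a host that reports SMB1ServerEnabled = True with none of the KBs installed is the one to patch (or isolate) first.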