As many of you are aware, last week saw the outbreak of the most serious malware worm in recent history. The virus spread across the globe, mostly targeting networks in Europe and also causing damage to networks here in the US.
What is WannaCrypt?
It’s a virus/ worm that exploits a vulnerability in the Microsoft Windows Server Messaging Block service, and allows remote code execution. It installs malicious code that encrypts your data, and probes your network for additional vulnerable systems, crawling the network until it runs out of exploitable systems. The vulnerability exists in all versions of Windows from XP through 2012r2, but there is a patch available for all versions of Windows back to Windows 7 and Server 2008.
The Microsoft patch for the vulnerability was released on March 14th, 2017. If you’re a Perception Managed Services customer with our Professional service level on your devices, you received the patch as soon as it was released by Microsoft on your workstations, and shortly thereafter for Servers (server updates go through a review and approval process before they’re released to Client systems).
What’s the current status of the worm?
This weekend, a researcher in Europe found code that the virus runs that connects to a specific URL to see if it should stop running. The Domain in the URL was not registered, so the researcher did that and effectively disarmed the spread of the virus by enabling a built-in ‘kill switch’ in the code.
It is highly likely that new variants of the exploit will be released in the wild without the kill switch component. However they’ll likely exploit the same vulnerability.
What can I do to protect myself and my systems?
This is a common refrain that every one of our customers has heard from us over and over again: Keep your systems up to date, and run current, managed Antivirus software. And install a proper firewall on your network edge, and enable the built-in firewall on your workstation and server systems.
This threat is a non-issue for properly patched and protected systems, but is a major disaster for improperly managed networks, or networks running obsolete or unsupported software (Windows XP or Windows 2003 server).
At its simplest the way to protect yourself is to follow best practices around network management and security: Use current, supported Operating Systems (No Windows 2003 or XP). Use a managed update service that not only releases updates to your machines but verifies that they’re installed and lets us know if they’re missing. And use a Managed Antivirus service where updates and upgrades are pushed to workstations, and issues are reported to your managed services provider. And when in doubt, call a professional to ensure that you’re covered.
Further reading:
Microsoft Security Advisory MS017-010:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Microsoft bulleting re: Wannacrypt:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Further reading:
https://www.theregister.co.uk/2017/05/14/microsoft_to_spooks_wannacrypt_was_inevitable_quit_hoarding/
http://www.zdnet.com/article/windows-ransomware-wannacrypt-shows-why-nsa-shouldnt-stockpile-exploits-says-microsoft/
https://www.forbes.com/sites/leemathews/2017/05/13/microsoft-update-wannacrypt-ransomware/