Weaponised Wanna Decryptor Worm

Patch MS17-010 NOW!!!

Cryptomalware that has affected Telefonica and other organisations in Spain, and the NHS in the UK, has recently been confirmed as a fully weaponised version of the cryptomalware Wanna Decryptor (aka “WannaCry” and “Wcry”).
As far as we currently understand, this new strain incorporates active exploitation of the vulnerability patched in the MS17-010 update released by Microsoft in March.

This is novel behaviour for cryptomalware, and we expect it to have widespread effects. We strongly advise you to ensure all internal systems (especially critical domain controllers, file servers and Exchange servers) have the MS17-010 patch applied as soon as possible.

Additionally, ensure TCP ports 3389, 445 and 139 are not exposed to the Internet.
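
One way to verify the port advice above is to attempt TCP connections to your own public addresses from a machine outside the perimeter. The script below is an added example, not part of the original advisory; the function names and the command-line usage are assumptions made for illustration.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# TCP ports the advisory says must not be reachable from the Internet.
ADVISORY_PORTS = {139: "NetBIOS session", 445: "SMB", 3389: "RDP"}


def port_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def exposed_services(hosts, ports=ADVISORY_PORTS, timeout=2.0):
    """Map each host to the sorted list of checked ports that accept connections."""
    hosts = list(hosts)
    pairs = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=32) as pool:
        results = list(pool.map(lambda hp: port_open(hp[0], hp[1], timeout), pairs))
    findings = {h: [] for h in hosts}
    for (host, port), is_open in zip(pairs, results):
        if is_open:
            findings[host].append(port)
    return {h: sorted(found) for h, found in findings.items()}


if __name__ == "__main__":
    # Arguments: your organisation's own public IPs or hostnames.
    report = exposed_services(sys.argv[1:])
    for host, open_ports in report.items():
        for port in open_ports:
            print(f"EXPOSED {host}:{port} ({ADVISORY_PORTS[port]})")
    # Non-zero exit status lets a scheduled job alert on any exposure.
    sys.exit(1 if any(report.values()) else 0)
```

A clean run from outside the network prints nothing and exits 0; any `EXPOSED` line identifies a host and port to close at the perimeter firewall.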

Because of the nature of malware propagation, you should ensure that any backups are held offline; offline backups cannot be encrypted if your network is hit.

Further updates will be released as we investigate the nature of this attack, but do ensure you follow major news feeds on Twitter, LinkedIn, etc.

Sources:
https://krebsonsecurity.com/2017/05/u-k-hospitals-hit-in-widespread-ransomware-attack/
https://www.theregister.co.uk/2017/05/12/spain_ransomware_outbreak/
https://isc.sans.edu/diary/22412
https://intel.malwaretech.com/botnet/wcrypt
