Since Friday, you may have seen news alerts about ransomware known as WannaCrypt, WCry and WannaCry, which began encrypting victims’ computer files in the UK, causing some businesses to temporarily close down.
This particular form of malware exploits vulnerabilities in Microsoft, specifically older versions of unsupported software (Windows XP/Server 2003, for example) that might be ineligible for a patch provided to fix the flaw earlier this year. Now Microsoft has made additional updates available to safeguard systems, however, it is incumbent on end-users to apply these patches to realize the benefits and reduce your risk.
As a precaution and part of an appropriate process, your systems should be regularly patched. Now is a perfect time to make certain this is happening. Here are some useful links to assist you in learning more about this malware and also about patching to guard against it.
Once the malware was released, variants were caught by security researchers who acted quickly to study the malware in their sandbox environment offline in order to properly dissect and find ways to stop the malware without causing further damage. WannaCry creators deployed an anti-sandbox technique with the goal of slowing down researcher’s dissection of the malware and encourage further spread of the ransomware. It was through these efforts that researchers were able to buy the previously nonexistent domain the malware was using as an anti-sandbox check from which the malware was sent and created a “kill switch” in hopes of shutting down the spread of the malware. However, it was only successful in shutting down that one variant of the ransomware and slowed the infection rate, leaving those with unpatched Windows XP and Server 2003 along with Windows running SMB services that have not been patched with MS17-010 are vulnerable to attacks.
As the week unfolds, we will be posting additional information. For questions about WannaCrypt, WCry and WannaCry, as well as special Twinstate promotions that can help guard against these attacks, contact us today.