#wannaCry hit hard yesterday – it romped through the internet and the current count we’re seeing is more than 99,000 infected machines. That kind of massive infection rate is amazing and scary at the same time.
It’s so scary that Microsoft did something amazing: they released a patch for ALL versions of Windows, even end-of-life products such as Windows XP and Windows Vista.
(please be patient – the traffic to this site is massive and we’re getting timeouts downloading the page & downloads at the moment)
Perhaps the worst issue that victims of this encrypting worm are dealing with is that files touched by the attack are encrypted, and the attacker is the only source for the key to reverse that. This can have dire consequences, especially in the healthcare sector. Encrypted patient records, doctors’ files and other items may not be usable or accessible unless there is a good backup to restore from.
The ransom demanded for decryption of the files appears to be about $300 (climbing to $600 if you do not pay), which is actually lower than other ransomware we’ve seen, but the true cost will be all the time, lost files, and other collateral damage caused by this ransomware.
Keep Yourself Safe
To protect yourself against this latest threat, there is a lot that you can do, and you should start sooner rather than later:
- Install Anti-malware Software – You’ve heard this over and over, and it seems very repetitive mentioning it now. However, if we had not encountered multiple instances where we were told, “It is a server, and we have firewalls, so I will leave anti-malware off of this machine” or “I have too many problems to install antivirus on this server”, we would not mention it. But, that has happened. So, we are stating it. Please install reputable anti-malware and give yourself a fighting chance at stopping this before you are affected.
- As an example, ESET’s network protection module was already blocking attempts to exploit the leaked vulnerability at the network level before this particular malware was even created. ESET increased the protection level by adding detection for this specific threat as Win32/Filecoder.WannaCryptor.D; first detected in the 15404 VSDs, released May-12-2017, 13:20 CEST (UTC/GMT +02:00). Prior to that, ESET LiveGrid protected against this particular attack starting around 11:26AM CEST.
- Update Your Windows Machines – Please! We know that patches can be very, very difficult to get deployed across the entire network. This one, you will want to install. It has been available since mid-April and actually stops the exploit from gaining a foothold in your environment. The list of patches covering the entire set of Equation Group files can be located here.
- Be Intelligent! – Speaking as a person who researches infections, exploits and various other information-security-related items: knowing is half the battle, especially when items are being leaked and created in this kind of rapid-fire fashion.
There is more on the WannaCryptor threat, and protection strategies, in our InfoSec Blog.