Information Security

 

Guidance for WannaCrypt ransomware worm attacks [updated]

Saturday, May 13, 2017

The WannaCrypt ransomware worm targets computers which do not have the latest security updates installed. 

We remind users to install MS17-010 as soon as possible, if they have not already done so. Microsoft released additional security updates for for older platforms including Windows XP, Windows 8, and Windows Server 2003.

This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. For example, to further protect against SMBv1 attacks, network operators should consider blocking legacy protocols on their networks.

See also OxCERT Security Bulletin OSB2017-009: Additional Security Updates for Microsoft Windows SMB Server 1.0 vulnerability.

Update 2017-05-13 11:00

Infections of this ransomware are dropping off, as a kill switch to terminate the malicious activity has been identified and implemented. We recommend to monitor HTTP connections to the magic domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to identify infected systems.

Update 2017-05-15 12:00

OxCERT is aware of several versions of WannaCrypt ignoring the  kill switch. We strongly recommend users to ensure their systems have all security patches and updates applied.