WanaCrypt Ransomware

This past February, Microsoft mysteriously canceled “Patch Tuesday” for the entire month, and then jam-packed a large number of patches into their March release - one of them being patch MS17-010.  The world learned soon afterward (via Wikileaks), that that the March 2017 Microsoft patches addressed some exploits that the NSA has been using to monitor Windows-based systems around the globe.

Fast-forward a few months, and as of May 12th, 2017 hackers are now globally exploiting the flaws fixed in MS17-010, through a new malware/ransomware campaign that has impacted machines across the world.

This malware is a variant of the “WanaCrypt” exploit and infects Windows systems that have not been patched for MS17-010.  From a high-level, it attacks SMB (file sharing) services on Windows machines that have not been patched for MS17-010, and it attempts to proliferate itself to other unpatched systems on your network.

ARE YOU IMPACTED?

If you are running Windows Vista, 7, 10, Windows Server 2008, 2008 R2, 2012, 2012 R2, or 2016, you would be impacted if you have not patched your systems for MS17-010.  The release date for these patches was March 14th, 2017.  If you have not already done so, you are strongly advised to install patches MS17-010 found here:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

RISKGEN can assist your organization in incident planning and response for these types of attacks and help to stop ransomware before it infiltrates your company.