Approximately 74 countries are currently under an ongoing cyber-attack. The NHS in the UK has been massively affected, along with major companies worldwide.
Computer systems are being infected with the ransomware known as WanaCrypt0r 2.0 (known as WCry and WannaCry). The malicious file targets a known computer vulnerability (MS17-010).
System Administrators:
- Ensure systems are fully patched, especially by addressing the MS17-010 vulnerability.
- Disable SMBv1.
- Firewall protect ports: 139/445 & 3389
- Make sure you have a backup of your data and it is also stored offline.
- Ensure Antivirus is installed and active.
Legacy systems should be isolated and any systems which are infected, consider removing them from the network.
Under Attack?
Microsoft released notes:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
Computer systems are being infected with the ransomware known as WanaCrypt0r 2.0 (known as WCry and WannaCry). The malicious file targets a known computer vulnerability (MS17-010).
System Administrators:
- Ensure systems are fully patched, especially by addressing the MS17-010 vulnerability.
- Disable SMBv1.
- Firewall protect ports: 139/445 & 3389
- Make sure you have a backup of your data and it is also stored offline.
- Ensure Antivirus is installed and active.
Legacy systems should be isolated and any systems which are infected, consider removing them from the network.
Under Attack?
- Customers in the healthcare sector should follow the national guidance as instructed by the NHS and the National Cyber Security Centre (NCSC).
- UK customers consult the Cyber Information Sharing Platform (CiSP).
- DeepRecce customers requiring further advice or information should contact our 24/7 incident response line www.deeprecce.com
--
Repository of information:
WannaCry|WannaDecrypt0r NSA-Cybereweapon-Powered Ransomware Worm
https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
Microsoft released notes:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/