GTI Security News on WannaCry (WannaCrypt)

18/05/2017


The recent outbreak of a new ransomware variant WanaCrypt0r has impacted private and public organizations worldwide. Once the malware gets inside the network, it attempts to spread to other hosts using the Microsoft Server Message Block 1.0 (SMBv1) protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

Microsoft has published its “Customer Guidance for WannaCrypt attacks” as below, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP, Windows 8 and Windows Server 2003:-


https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Customers who have installed the Windows security update MS17-010 are not vulnerable to this threat. Please refer to the Microsoft customer guidance for details. Customers should also employ the defense-in-depth strategy and make sure the IPS signatures and anti-malware signatures of their IPS and anti-malware solutions are updated to mitigate and protect against the new threats.

Followings are some useful information links to help you defend against the threats. 

https://www.hkcert.org/my_url/en/blog/17051401
https://www.govcert.gov.hk/en/A17-05-04.html
https://www.us-cert.gov/ncas/alerts/TA17-132A

If you will need more information or any help of our GTI Security Consultants, please contact us at inquiry@gti.com.hk or 2881 4800.