Home ResourcesBlog FoxGuard monitors global ransomware cyber attack – WannaCry

FoxGuard monitors global ransomware cyber attack – WannaCry

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn

FoxGuard continues to monitor a global ransomware cyber-attack, identified as Ransom:Win32/WannaCrypt and referred to as WannaCrypt or WannaCry, that seems to be targeting organizations and individuals in various countries. While FoxGuard remains unaffected by the attack, we are in the process of reaching out to current customers of our Patch Availability Reporting (PAR) and Validation services who were notified of this critical patch as part of our March reports.

The ransomware encrypts files and extorts a fee from the user in order to unencrypt the files. It also attempts to exploit a Server Message Block (SMB) protocol vulnerability in Microsoft Windows operating systems in order to spread out to random computers. There are reports that affected systems have also had the DoublePulsar backdoor installed. Countermeasures have been taken by the Internet community and vendors to slow, detect and stop the spread of the ransomware.

Microsoft released a patch in March of this year for all currently supported operating systems. Due to the seriousness of this attack, Microsoft has also provided security updates for previously unsupported operating systems including Windows XP, Windows 8 and Windows Server 2003. If you are unable to install the patch at this time then Microsoft suggests that SMB v1 be disabled on all vulnerable systems.

Attacks of this nature may have a significant impact and it is important for organizations and individuals to ensure that they:
   •    Keep antivirus and antimalware applications up to date.
   •    Install security updates as soon as they become available and in accordance with
         patch management processes.
   •    Create regular backups of important files and store them in a location that vulnerable
         systems cannot reach.
   •    Do not click on or open any attachments received within unsolicited emails.

For more information:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000umhdb0m5mdizwzh13u3fz7x7z

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147

https://www.us-cert.gov/ncas/alerts/TA17-132A

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert