Since last Friday (May 12, 2017) there has been massive cyber-attack at Europe bring down a lot of computers from different organization including Schools and Hospitals. This has been major attack that none of has expected. Wannacry/cryware ransomware outbreak is having a major issue now.
What’s interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago.
Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks.
The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. This is why WannaCry campaign is spreading at an astonishing pace.
Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.
Indicators of compromise
SHA1 of samples analyzed:
- Files with “.wnry” extension
- Files with “.WNCRY” extension
Registry keys created:
Karthik Selvaraj, Elia Florio, Andrea Lelli, and Tanmay Ganacharya
Microsoft Malware Protection Center
How to be Secure?
- Immediately apply the Microsoft Patch MS17-010 from below link to your respective machine
For XP machine Patch Visit this blog
- Do not open any suspicious email with attachment or click on any link that has been provided on the email. Even though it seems like PDF or any office files.
- Make a backup of your files to the different location than your PC.
- This worm targets out of date systems, so keep updating
WannaCrypt ransomware worm targets out-of-date systems