“WannaCry” – New Ransomware Virus
UPDATE (11:00AM, 5/13/2017): In a surprising move, Microsoft has now released updates for their unsupported operating systems including Windows XP and Windows Server 2003.
The WannaCry ransomware is currently infecting many end users and businesses across the globe. This malware is using an exploit which was revealed by a group called the Shadow Brokers back in March of this year. Microsoft released a patch for this exploit, MS17-010, on March 13, 2017. It's important to note that WannaCry is simply a ransomware variant and it's spreading via the exploit detailed in MS17-010. The characteristic that is causing WannaCry to spread is that once it's installed on a workstation, it begins spreading quickly via the exploit in MS17-010 across other machines on the network.
If you've been patching all of your workstations over the last couple of months, your chance of infection is low. If you have a Windows XP/2003 device, the recommendation is to shut it down or take it off any network connection it may have.
We preach defense in depth or, as some call it, layered security. This instance could not illustrate the purpose of this strategy better. Most firewall vendors, including Fortinet, Cisco and SonicWall, have already added the exploit signatures to their security services. These vendors added these updates weeks ago.
These ransomware infections are starting as many do, through an email phishing attack on an unsuspecting user who clicks the wrong link. Users are one of the links in the chain to stop these attacks. Training them to avoid email-based malware is yet another layer to protect your environment.
Here are the links to the vendor signature update notes: