
Response to WannaCry Ransomware Attack – Update 1


As you may know, on May 12, hackers launched a global ransomware campaign against tens of thousands of corporate and governmental targets. The attack, known as WannaCry (also known as WCry, WanaCrypt, WanaCrypt0r, or Wanna Decrypt0r), encrypts files on an infected computer, changes their extensions to .wnry, .wcry, .wncry or .wncrypt, and asks the computer’s user to pay a ransom in order to regain access.

So far we have learned that this ransomware spreads via an email attachment or link. Once a user opens the attachment, WannaCry executes on that computer, encrypts files on local drives, and spreads across the network.

Affected Microsoft Products Include

  • Windows Server 2016
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server Core installation option
  • Windows 10
  • Windows RT 8.1
  • Windows 8.1
  • Windows 7
  • Windows Vista

The ransomware spreads itself over the network using a vulnerability in the SMB protocol, which is used by Microsoft for file sharing purposes. This flaw in Windows systems, now codenamed EternalBlue, was first leaked in the latest dump by a hacking group known as the Shadow Brokers. It’s believed that the US National Security Agency (NSA) originally created EternalBlue, the tool that allowed WannaCry to quickly spread across large networks.

Microsoft released a patch, MS17-010, to combat EternalBlue in March, yet the majority of targets that were hit on the 12th had neglected to update their systems.

The WannaCry malware attack spreads as a worm, which makes it even more devastating to its targets.


Preventive Measures

  1. Remove old computers and servers operating on old Microsoft Windows operating systems, specifically Windows XP and Windows Server 2003.
  2. Patch all systems with the latest updates; this includes both operating systems and applications.
  3. Change passwords, making sure they are at least ten characters long and complex.
  4. Back up files often – at least twice a day.
  5. Regularly test your backups by restoring files.
  6. Teach your employees to NOT click on suspicious links or open suspicious attachments.
  7. Make sure your AV is up-to-date.

What to Do While It’s Happening

  1. Power-Off Infected Machines
  2. Unplug Unaffected Machines
  3. Back Up Files
  4. Update All Machines with Latest Updates
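
The file extensions listed in this post can be used to triage a file share or a restored backup from an unaffected machine. The Python sketch below is an added example, not part of the original post; the function names `scan_tree` and `first_seen` are illustrative, and file modification times are treated only as an estimate of when encryption reached each directory.

```python
import os
import sys
from datetime import datetime, timezone

# Extensions this post lists for files encrypted by WannaCry.
WANNACRY_EXTENSIONS = (".wnry", ".wcry", ".wncry", ".wncrypt")


def scan_tree(root):
    """Group files carrying a listed extension by directory.

    Returns {directory: {"encrypted": n, "total": n, "earliest": datetime}},
    containing only directories with at least one match.
    """
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted, earliest = 0, None
        for name in filenames:
            # Windows file names are case-insensitive, so compare in lower case.
            if not name.lower().endswith(WANNACRY_EXTENSIONS):
                continue
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            encrypted += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
        if encrypted:
            report[dirpath] = {
                "encrypted": encrypted,
                "total": len(filenames),
                "earliest": datetime.fromtimestamp(earliest, tz=timezone.utc),
            }
    return report


def first_seen(report):
    """Earliest modification time across all matches, or None if clean.

    An estimate only: use it to pick backups taken before this time.
    """
    times = [entry["earliest"] for entry in report.values()]
    return min(times) if times else None


if __name__ == "__main__":
    # Usage: python scan.py <path to a file share or restored backup>
    result = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, entry in sorted(result.items()):
        print(f"{directory}: {entry['encrypted']}/{entry['total']} files, "
              f"earliest {entry['earliest']:%Y-%m-%d %H:%M} UTC")
    print("first seen:", first_seen(result))
```

A directory where nearly every file matches has been fully processed; the earliest timestamp helps choose a backup to restore from and test, as the preventive measures above recommend.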

In case you are not sure what to do or have questions, please call us at 646-755-3933 or request a FREE WannaCry Audit. You will be scheduled on a first come, first served basis; timing is CRITICAL.


2Secure Corp | Cybersecurity Services Based In NY


464 Kings Highway

2nd Floor

Brooklyn, NY 11223


646-755-3933

©2020 2Secure Corp. All Rights Reserved.
