
Beware of the WannaCry Cyber Attack – it’s not over yet!

Overview

Below are some frequently asked questions about the WannaCry cyber attack that affected over 150 countries and targeted old Windows systems.

 

Where can I find more information?

Refer to the United States Computer Emergency Readiness Team post for complete details: https://www.us-cert.gov/ncas/alerts/TA17-132A

 

How did this attack happen?

The source of the attack was believed to be an infected email.

 

Is the attack over?

Most likely, no. There were reports that the ransomware was stopped with a kill switch; however, it was only slowed down. Companies should stay diligent and keep their systems up to date.

 

What does it do?

The ransomware goes by the names WCry, WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. It behaves like a worm that propagates automatically, making it incredibly dangerous. It encrypts files on affected computers, spreads to other computers via the local network, and demands that you pay a ransom in Bitcoin in exchange for decryption.

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

What can I do about this threat?

Microsoft released a patch this past March for all supported versions of Windows. They also posted this blog entry with advice for their customers and details of their analysis and patches, which included the unusual step of creating a patch for normally unsupported operating systems. If you are on Windows XP, 8 or Server 2003, it is recommended that you install the security update for your OS:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Although there’s a kill switch, you can also whitelist the following domains:

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Whitelisting should prevent your AV, URL filters, and firewalls from blocking those addresses. You can also put the above-mentioned domain names in a system’s hosts file and on the internal DNS servers to ensure that the kill switch servers never go silent, but you must be certain that the machine(s) you point to are always available.
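An added example, not from the original post: a hosts-file audit for the two kill-switch domains listed above, flagging entries that are missing or that point at a loopback or null address rather than an available server. The sample hosts content and the address 10.0.0.53 are constructed, and treating the first matching entry as the effective one is an assumption about the resolver.

```python
import ipaddress

# Kill-switch domains exactly as listed on this page.
KILL_SWITCH_DOMAINS = (
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
)


def parse_hosts(text):
    """Map each lowercase hostname in hosts-file text to its first-listed address."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: skip the malformed line
        for name in fields[1:]:
            # Assumption: the resolver honours the first matching entry.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def audit_kill_switch(hosts_text, domains=KILL_SWITCH_DOMAINS):
    """Return {domain: 'missing' | 'null-or-loopback' | 'pinned:<ip>'}."""
    mapping = parse_hosts(hosts_text)
    report = {}
    for domain in domains:
        addr = mapping.get(domain.lower())
        if addr is None:
            report[domain] = "missing"
        elif addr.is_loopback or addr.is_unspecified:
            # Typical of a blocklist entry, not of an always-available server.
            report[domain] = "null-or-loopback"
        else:
            report[domain] = f"pinned:{addr}"
    return report


# Constructed sample; 10.0.0.53 is a hypothetical internal web server.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.0.53   WWW.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com   # internal responder
0.0.0.0     www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com   # left over from a blocklist
"""

if __name__ == "__main__":
    for domain, status in audit_kill_switch(SAMPLE_HOSTS).items():
        print(f"{status:18} {domain}")
```

A `pinned` result only shows where the name points; whether that machine actually answers still has to be monitored separately.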

 

What to do if your computer is infected?

If you suspect you have an infected machine that cannot reach either of the hosts mentioned above, the system is ransomed. You can find more information about that here: https://www.ncsc.gov.uk/blog-post/fi…d-ransomware-0

Contact your administrator. If you are an ACE Technology Group customer, we’ve already patched your systems. Although security tools are able to detect and remove ransomware, it is important to stay diligent and follow steps designated by your organization.
