Security Bulletin: WannaCry Ransomware

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS

By now you may have heard about the massive ransomware attack that began on Friday and potentially affected tens of thousands of computers in 100 or more countries.  The media was quick to report the story, as well as news of the young security researcher who helped slow the spread of the malware by finding a “kill switch” in the ransomware’s code.  However, this does not mean the risks have passed, as new variants of WannaCry (WannaCrypt0r) have already been released to the internet.

What is WannaCry? WannaCry is a form of malware known as ransomware.  When a vulnerable Windows computer comes into contact with WannaCry, its files are encrypted and the user is prompted to pay $300 to decrypt them.  The ransom increases to $600 after a few days, and the malware then threatens to delete all files after a week.

What makes WannaCry more dangerous than other ransomware is that it actively seeks to infect any other computer it can reach across the network.  It uses the older Microsoft SMB v1 file-sharing protocol to seek out and infect other machines.  It may also spread via email attachments.  WannaCry also installs a backdoor to facilitate communication with the author.

Where did WannaCry come from? Its origins are not yet known.  However, the authors are using a Microsoft Windows vulnerability published as part of the Shadow Brokers archive of NSA hacking weapons that was stolen from the US government agency.  Microsoft released a patch (MS17-010) in March in response to this vulnerability.

What should you do about WannaCry? If you are a CNS Complete Care Client, we have already applied the necessary patches to protect your network.

If you are not a Complete Care Client, please contact your IT provider or our Help Desk for assistance.

Malware is a real risk for any connected computer system, regardless of the type (PC, mobile device, etc.).  However, following general security practices can greatly reduce the risk and impact of malware:

  1. Apply patches as soon as possible.  Systems with the MS17-010 Microsoft patch are not vulnerable to WannaCry.
  2. Get obsolete systems off your network.  Vendors don’t offer patches for end-of-life systems (although Microsoft did release an update for Windows XP and Server 2003 due to how severe WannaCry is).
  3. Run up-to-date anti-virus software on every computer.
  4. Use a firewall to block inbound network access to PCs unless specifically required by the apps you are using.  Blocking SMB v1 would block this version of WannaCry.
  5. Make sure your firewall is blocking SMB from the internet.  This is a standard configuration for CNS managed firewalls.
  6. Educate your users to not open unexpected emails with attachments, or click on links in unexpected emails.  Attachments and links can contain malware like WannaCry.
  7. Maintain backups.  Up-to-date backups can help you recover quickly if your files are infected.
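
A host-side check related to items 4 and 5, added here as an example and not a CNS tool: it reports whether a Windows machine still offers SMB v1 and which enabled inbound firewall rules explicitly allow TCP 445. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell session; the `-Remediate` switch is a hypothetical name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit one Windows host for SMB v1 exposure.
# Assumes Windows 8 / Server 2012 or later (SmbShare and NetSecurity modules).
param(
    [switch]$Remediate   # hypothetical switch: turn off the SMB v1 server when set
)

# 1. Will the file server on this host still negotiate SMB v1?
$smbConfig  = Get-SmbServerConfiguration
$smb1Server = [bool]$smbConfig.EnableSMB1Protocol

# 2. Is the SMB v1 optional feature present? (Not available on every edition,
#    so a missing feature is reported rather than treated as an error.)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
               -ErrorAction SilentlyContinue
$smb1Feature = if ($feature) { $feature.State.ToString() } else { 'NotPresent' }

# 3. Which enabled inbound "allow" rules name TCP 445 explicitly?
#    Rules that use port ranges or "Any" are not evaluated here.
$open445 = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445') {
        '{0} [{1}]' -f $rule.DisplayName, $rule.Profile
    }
}

# Summary object, suitable for Export-Csv when run across many machines.
[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    Smb1ServerEnabled    = $smb1Server
    Smb1FeatureState     = $smb1Feature
    InboundAllow445Rules = @($open445)
}

# Optional fix: stop the server side from accepting SMB v1 connections.
# Confirm first that no legacy device on the network still depends on it.
if ($Remediate -and $smb1Server) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMB v1 server protocol disabled.'
}
```

This covers only the host's own Windows Firewall and SMB settings; whether SMB is blocked from the internet still has to be verified on the perimeter firewall.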

If you have any questions, contact the Help Desk.