Ramblings of an old Doc
The predicted nightmare.
Published on May 13, 2017 By DrJBHL In Personal Computing

 

History: "Shadow Brokers" hacked the NSA in April 2016 and leaked the American cyber weapon ETERNALBLUE, which targets Microsoft Windows. WannaCry's developers used ETERNALBLUE as the basis of their ransomware (not confirmed by experts); it gains access to a Windows computer through a Windows vulnerability that MS patched on 3/14/17.

"Organizations that lacked this security patch were affected for this reason, and there is so far no evidence that any were specifically targeted by the ransomware developers. Any organization still running the end-of-life Windows XP would be particularly at risk, as no security patches for that have been issued by Microsoft since April 2014. As of 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP." - Wikipedia

It is passed by email, and infects after the email attachment is opened.

One enterprising British fellow got a look at it, found the hard-coded "kill switch", and by purchasing the domain the worm turned to, effectively stopped its spread.

Now there's a variant of the first worm, and between the two, computers (on large networks and small) in 94 countries or so have been attacked, including hospital systems, FedEx, Telefonica, etc.

So, what should you do? First, patch your system with MS's latest update through Windows Update. To protect yourself, make sure Microsoft patch MS17-010 is applied to your PC. That will protect you against version one. Next, MAKE A DISK BACKUP, which you should have been doing all along. Update any anti-ransomware app you have. However, to the best of my knowledge, there's no specific update for version 2 just yet. At least not for the Malwarebytes app which I have.
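As an added example (not from the original post), here is a PowerShell check for that first step, run from an elevated prompt: it reports whether an MS17-010 hotfix is listed on the machine and, going a little beyond the post, whether SMBv1, the protocol MS17-010 patches, is still enabled. The $Ms17010Kbs list is a placeholder to fill in from the MS17-010 bulletin linked under Sources for your Windows version.

```powershell
# Added example, not the post's own code. Run in an elevated PowerShell session.
# $Ms17010Kbs is a PLACEHOLDER: take the KB number(s) for your Windows version
# from the MS17-010 bulletin (linked under Sources) before running.
param(
    [string[]]$Ms17010Kbs = @('KBxxxxxxx')
)

function Test-Ms17010Installed {
    param([string[]]$Kbs)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found = @($Kbs | Where-Object { $installed -contains $_ })
    # Caveat: on Windows 10 a later cumulative update supersedes the March 2017
    # one, so Get-HotFix may not list the original KB even though the fix is in.
    # Treat "not found" as "go and look", not as proof you are unpatched.
    [pscustomobject]@{
        Checked   = $Kbs
        Found     = $found
        Installed = ($found.Count -gt 0)
    }
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: the documented LanmanServer "SMB1" value.
    # If the value is absent, SMBv1 is enabled (the default on those systems).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $v = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $v) { return $true }
    return ($v.SMB1 -ne 0)
}

$patch = Test-Ms17010Installed -Kbs $Ms17010Kbs
$smb1  = Get-Smb1Enabled

"MS17-010 hotfix listed : $($patch.Installed)  (found: $($patch.Found -join ', '))"
"SMBv1 enabled          : $smb1"

if (-not $patch.Installed) { Write-Warning "Run Windows Update and confirm MS17-010 is applied." }
if ($smb1) { Write-Warning "SMBv1 is still enabled; disable it unless something truly needs it." }
```

If both lines come back the way you want (hotfix listed, SMBv1 disabled) the machine is closed to the version-one worm; the backup step still stands regardless.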

I would avoid any email with an attachment. Yeah, it's a pita, but seriously, what else can you do?

 

My thanks to Fuzzy Logic for his initial warning about the second variant in his Forums post.

 

Sources:

https://mspoweruser.com/microsoft-release-statement-on-massive-worldwide-ransomware-attack/

https://www.binarydefense.com/wannacry-mass-ransomware-worm-campaign/

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack


Comments
on Jun 16, 2017

Just reposting this information here, in case someone needs it:

So now there is a possibility to unlock files encrypted by WannaCry ransomware using a free decryption program

https://blog.malwarebytes.com/cybercrime/2017/05/wannadecrypt-your-files/

http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html

https://malwareless.com/free-wannacry-ransomware-decryption-tool-unlock-files-without-paying-ransom/

The decryptor is only going to work if you haven't killed the ransomware process (should be wnry.exe or wcry.exe) in Task Manager.