Ashton Security Inc.
May 17, 2017
Since May 13th 2017, a rapidly spreading infection of ransomware known as WannaCry has been causing significant problems around the world.
For the cybersecurity advisory providing background information on the attack, product affected/unaffected, and further guidance on what installers and end-users can do to prevent their devices from being compromised.
If you have Security Systems being affected feel free to contact us here.
What is ransomware? Ransomware is a form of malware which affects its victims by encrypting the files on the infected system. The software informs the victim of the infection and demands a payment in order to release the files.
How is WannaCry spreading?
WannaCry is taking advantage of a recently disclosed vulnerability in Microsoft’s implementation of Server Message Block (SMB) protocol called EternalBlue. After infecting a vulnerable system, WannaCry will scan for vulnerable computers on the same network and seek out vulnerable systems randomly on the internet.
What types of products are vulnerable
This infection process is only possible on Windows devices with SMB enabled. Windows 10 is not vulnerable.
Since May 13th, a rapidly spreading infection of ransomware has been causing significant problems around the world. In April, a group called “The Shadow Group” disclosed several exploits including a previously unknown infection vector known as EternalBlue which takes advantage of a vulnerability in the Windows SMB protocol. The WannaCry ransomware uses this exploit to infect its victims. Its widespread impact is due to the ability of WannaCry to auto-propagate itself.
Fortunately, Microsoft had created and released updates to fix this vulnerability prior to the disclosure by The Shadow Group. Microsoft even issued updates for Windows XP, Windows 8, and Windows Server 2003 which are past their support cycles on May 13th. However, many systems have not yet applied these updates.
Most ransomware spreads through social engineering attacks such as infected email attachments, but attacks like that used by WannaCry exploit vulnerabilities in the system.
Regular security updates and antivirus tools can prevent many attacks from occurring. However, the best preventative measure is regular system backups. Backups should be kept offsite so if a system is infected, it can be recovered without paying the ransom.
What can installers and end-users do? Apply Windows security updates Microsoft has released a security patch (MS17-010) in March for currently supported Windows versions.
In May, Microsoft also released a patch for Windows XP, Vista, 8, Server 2003 and 2008 available here.
Where possible, disable Server Message Block (SMB) on the vulnerable system. This protocol is enabled by default on Windows but is not used by most Tyco Security Products applications.
- Go to Windows' Control Panel and open 'Programs.'
- Open 'Features' under Programs and click 'Turn Windows Features on and off.'
- Now, scroll down to find 'SMB 1.0/CIFS File Sharing Support' and uncheck it.
- Then click OK, close the control Panel and restart the computer.