Wanna ransomware strain spread via Malwaretech.com

The WannaCry cyberattacks made headlines around the world because of their rapid spread. According to the FBI, since Friday, May 12th at 4 a.m. EDT the agency knows of "reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan." [FBI Flash, 5/13/2017]

Like all forms of ransomware, WannaCry encrypts the target data, rendering it inaccessible to the user, and attempts to extort a ransom payment in exchange for the decryption key. According to various open sources, the requested ransom for this variant is 0.1781 bitcoins, or about $300 US.

How does WannaCry Spread?

It’s unclear whether all vectors of the spread have been uncovered to date. Reports indicate the initial infection happens through traditional email phishing. What sets WannaCry apart is what happens after the initial infection: it then works its way around the local network using a vulnerability in Microsoft operating systems. This vulnerability was dubbed “Eternal Blue” in leaked data and was only recently patched by Microsoft, in March of 2017.

What can I do to protect myself and my business?

Like all forms of ransomware, WannaCry relies on cybercriminals counting on human error to help spread the malware. So, the best thing you can do is educate your staff and practice a layered approach to defense:

  1. Learn to identify and report suspicious emails and train staff to avoid clicking on suspicious links or attachments.
  2. Make sure all devices on your network are properly patched with up-to-date software.
  3. Install the MS17-010 update from Microsoft, which closes the vulnerability suspected to be at play in this attack.
  4. Use endpoint security that includes antivirus and anti-malware, and update your signatures regularly.
  5. Scan incoming and outgoing traffic for infected attachments.
  6. Consider blocking legacy protocols on local networks.
  7. Back up regularly and validate your backups to ensure they operate as expected.
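
As an added example (not part of the original article and not SDN's own tooling), the sketch below shows one way to spot the worm-like spread described above from internal flow logs: a single host contacting many different local peers over SMB in a short time. It assumes the spread uses SMB on TCP port 445, the service MS17-010 patches; the record format, 60-second window and threshold of 5 peers are illustrative assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                   # SMB over TCP (assumed spread channel, see lead-in)
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed: distinct peers before a host is flagged

def sample_flows():
    """Constructed flow records ("ISO-time src dst dst_port"), not captured traffic."""
    # One host sweeping 8 local peers on 445 within 8 seconds.
    lines = [f"2017-05-12T09:00:{i:02d} 10.0.0.23 10.0.0.{i} 445" for i in range(1, 9)]
    # A normal client talking to one file server again and again.
    lines += [f"2017-05-12T09:{i:02d}:00 10.0.0.40 10.0.0.5 445" for i in range(10)]
    # Five different SMB peers, but spread over 20 minutes.
    lines += [f"2017-05-12T09:{i * 5:02d}:30 10.0.0.41 10.0.0.{100 + i} 445" for i in range(5)]
    # Many peers, but HTTPS rather than SMB.
    lines += [f"2017-05-12T09:01:{i:02d} 10.0.0.42 10.0.0.{i} 443" for i in range(1, 9)]
    return lines

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged source to its peak count of distinct local SMB peers
    seen inside one sliding window."""
    recent = defaultdict(deque)          # src -> deque of (time, dst) inside the window
    flagged = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        # Only SMB traffic to private (local network) addresses is of interest.
        if port != SMB_PORT or not ipaddress.ip_address(dst).is_private:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # drop records older than the window
            q.popleft()
        peers = len({d for _, d in q})
        if peers >= threshold:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged

if __name__ == "__main__":
    for host, peers in smb_fanout(sample_flows()).items():
        print(f"{host}: {peers} distinct SMB peers within {WINDOW.seconds}s")
```

A flagged host is a candidate for isolation and a patch check, not proof of infection; file servers, backup agents and vulnerability scanners can fan out in the same way and should be allow-listed.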

SDN customers with certain levels of our Managed Firewall services may already enjoy the Antivirus, Malware, & Intrusion Protection recommended above. On Friday, during the peak of the attack, we proactively applied the antivirus and IPS signatures released earlier in the day as a preventative measure.

Our staff continues to monitor this evolving threat. If you have any questions, please contact SDN Communications at 800-247-1442 or email our support staff to discuss your Managed Firewall services.

To learn more about the cyber threat landscape in our region, subscribe to and download our latest report.

Theron McChesney, SDN business intelligence specialist, spoke with WNAX about the attack and how businesses can protect themselves. Listen to the interview.