Late last week a massive ransomware attack swept across the world, infecting computer systems in at least 150 countries. Known as WannaCrypt, WannaCrypt0r, and WannaCry, the ransomware encrypts anything and everything it can and will spread from an infected device to anything it is connected to on a network.
Utilizing a stolen National Security Agency exploit known as EternalBlue, WannaCrypt takes advantage of a Windows SMB Remote Code Execution Vulnerability in many Windows operating systems. Unfortunately, if you are already infected by the ransomware, there is nothing you can do besides restore your system from a recent backup (or cross your fingers and hope security experts can release a decryption key). Do not pay the ransom! There is no guarantee they will provide decryption for your files even if you do pay.
However, there are steps you can take to ensure your systems are invulnerable to this exploit and possible future attacks.
- Stay up to date with Windows security patches. If you have Windows updates enabled, or have manually installed the latest critical patches, you will be protected from WannaCrypt. This link will lead you to the original Windows Security Bulletin (containing KB numbers and links for patch downloads).
- If you’re an Atomic Data client and are not up to date on patches, we can help secure your systems with Patch Management.
- Disable SMBv1. Exposing SMB to the internet is not safe regardless of vulnerabilities. This link provides steps to disable SMBv1 in Windows and Windows Server Operating Systems.
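One way to carry out the SMBv1 step on a single host, as an added PowerShell example that is not part of the original post or of the linked Microsoft instructions. It assumes Windows 8 / Server 2012 or later and an elevated session; the function names `Get-Smb1Status` and `Disable-Smb1` are hypothetical.

```powershell
# Added example: audit SMBv1 on the local host and optionally disable it.
# Run from an elevated PowerShell session (SmbShare, Dism, NetSecurity modules).

function Get-Smb1Status {
    # Server side: is this host still willing to serve SMBv1 sessions?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional-feature state. The feature name can differ on some Server SKUs,
    # so a missing feature is reported as 'NotFound' instead of failing.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotFound' }

    # Enabled inbound allow rules that name TCP 445 explicitly.
    # Rules using 'Any' or a port range are not matched by this simple check.
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445'
        }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server
        Smb1FeatureState  = $featureState
        Inbound445Rules   = @($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" })
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server and feature')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            # Removal completes at the next reboot; -NoRestart leaves the timing to the admin.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
    Get-Smb1Status   # report the resulting state
}

Get-Smb1Status | Format-List
# Disable-Smb1 -WhatIf    # preview the change, then run without -WhatIf to apply it
```

Any rule listed under `Inbound445Rules` for the Public profile deserves review, since that is the profile applied on untrusted networks.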
For more information on this specific ransomware attack, check out ZDNet’s summary here. For more information on ransomware in general, check out our Blog. And, of course, if you’re interested in Atomic Data’s services like Patch Management, click the link below.