Worldwide Ransomware Outbreak – 15th May 2017

“WannaCry” ransomware advisory

In the past few days there has been a global outbreak of a malware strain known as “WannaCry”, “WCry”, or “Wanna Decryptor”.

WannaCry is spreading, demanding a ransom of 0.1781 bitcoins, currently $434 AUD.

Typical of Ransomware, the price goes up after a couple of days, with the threat of having files deleted once a week has passed.

While most news services only mention Phishing through phony email attachments, USA’s government IT advisory body US-CERT has described attacks on Internet exposed remote desktop servers.

Once inside a victim’s network, the Ransomware has proven effective at spreading itself internally through hidden administrative shares on PCs. It’s the ability to spread quickly inside networks that has made WannaCry particularly devastating.

The exploit uses SMB version 1, a protocol developed in the 1980s for file sharing, and used by Windows operating systems until version 2 was released with Windows Vista in 2006. Backwards compatibility with previous versions of Windows, including the popular Windows XP, has provided a window of opportunity for these malware attacks.

 

Immediate steps you can take:

Here are some steps you can take right now to protect your home and business:

Update now

Microsoft has done what they’ve promised they would not do: they’ve sent out a patch for Windows XP, Server 2003, and other legacy systems. The patch was released Sunday the 14th of May (Australian time).

This outbreak uses these redacted operating systems as launch pads to infect the rest of the network. Start with any XP, Vista, Windows 7 and Windows 8.0 PCs you have left on your network.

Patches were released for all supported operating systems back on the 14th of March.

Backup check and isolation

Check your most recent backups and make certain you have un-attached copies/media.

If this Ransomware hits your business, that backup will be your lifeline. Organise a test restore as proof of the validity of your backup.

Disable SMB1

Disable SMB version 1 (SMB1) on all systems, using a minimum of SMB2.

See below link from Microsoft on how to do this.

Update Anti-malware

Users of Diamond’s Managed AV solution are constantly being updated and covered, but if your organisation or home PC isn’t running our DMAV or an up-to-date protection, we highly recommend you install a highly-regarded anti-malware suite immediately, or contact us about having DMAV added to your account.
 

Further steps we recommend

We recommend all of our customers consider the following as a priority:

Upgrade or replace all PCs running Windows XP, prioritise moving all desktop PCs to Windows 10

The only 100% desktop operating system fully supported by Microsoft now is Windows 10. Windows XP is now a critical liability to any organisation.

Replace all Windows XP PCs ASAP, before considering prioritising any other operating systems prior to Windows 10.

Unified Threat Management (UTM) installation

If you don’t already have a UTM device protecting your network, this is now the time to reconsider, no matter how small your network.

UTMs give you both ingoing and outgoing protection with firewall, intelligent reporting and sandboxing technology. Sandbox technology is your only protection versus “Zero day” attacks, i.e. suffering a breach by malware before anti-malware systems have been patched to block a new strain of malware.

Eliminate any Internet-facing Remote Desktop systems

One of the prime attack surfaces for this and other malware attacks is remote desktop servers that are visible from the Internet.

Put your remote desktop system inside your network and have your people tunnel in using encryption to give them both the functionality they need and the security you need.
 

Contact Us 1300 307 907 to organise a visit from our Technology Optimisation team

Our Technology Optimisation (TechOps) team will audit your network for crucial flaws, such as vulnerable RDP servers, global local administrator rights, and flawed or non-functional backups. This is a service we already provide to our Managed Services customers.

You’ll be provided with a report featuring traffic-light warnings to you can address the most critical issues first.

 

 

Contact us today

Contact us to discuss your security concerns on 1300 307 907 or complete the form below and we will be in touch shortly.

 
 
 

 

How can Diamond help?

For more information on Ransomware, a type of malware that infects and restricts access to a computer system or files until a ransom is paid to unlock it; how to best protect your business and to view updated real examples, view our Ransomware Updates page.

Or catch our 15-minute webinar on Cyber Security

 

 

For customers on a Managed Services Agreement for their IT systems.

Diamond is using our comprehensive skills in Managed Services to take every possible measure to help protect our Managed Services customers.

  • Managed Services architects, software developers and engineers are doing everything possible to stop variants entering our IT Managed Services customer’s networks. Using our unique DMS system we have been able to roll out protection against some of the variants, but we make no guarantees as new variants are being created all the time.
  • As a standard component of our Managed Services agreements, we’re continuously monitoring backups to ensure if an event occurs your information is safe. We’ve recently launched a cloud backup product that provides an extra layer of isolation to protect the backup from infection. For all customers, including those not on managed services agreements.
  • We provide a unique Technology Optimisation process with the specific goal of aligning our Managed Services customers environment to industry best practice on an ongoing and proactive basis.
  • Awareness is a major factor, we’ve been very active in our communication to raise awareness of this threat.
  • We have developed some very innovative ways of tracing the damage to cut down the time taken to restore data.

 

References

AUS-CERT article following the outbreak

US-CERT article on the outbreak:

Disable SMB1 in legacy operating systems

A blog from Microsoft begging people to stop using SMB1 (Sept 2016) and what to do about it

 

Diamond ICT Security Assessment

Answer these simple questions about your business to gauge how protected you are from potential online attacks…

1. Is your security policy configured so that staff need to regularly change their password?