How to escape the fury of WannaCry (and other similar ransomware)

The first wave has ended. The WannaCry ransomware campaign hit more than 70 countries, toppled high-profile companies, and compromised the health system in the United Kingdom. Derived from an exploit created by the NSA and leaked by the Shadow Brokers group, WannaCry takes advantage of a vulnerability that Microsoft fixed in March, although it is clear that system administration practices around the globe leave much to be desired. In the best case your system is already protected, but if in doubt, you had better keep reading…

The situation was very strange. Traditional media began to use terms such as «cyber» and «ransomware», and as the hours passed it became clear that this was not an isolated event. A new campaign had become active, and its first move hit very hard. It reached more than 70 countries, knocking out Telefónica, FedEx and the British health system. The majority of the attacks (more than 75,000 so far) focused on Russia, Ukraine and India, but not much beyond those territories. And indeed it is ransomware, a variety of malware that we have been talking about a lot in recent months, and that apparently no one took seriously until now. It goes by multiple names, but the most popular is WannaCry, and it basically asks for $300 in bitcoins in exchange for the kidnapped information. If the victim does not pay before May 15, the price increases and the victim receives an additional 96 hours of margin.

The ransom for the encrypted files starts at $300

If we study WannaCry in greater depth, we discover two very interesting, and at the same time worrying, details. Firstly, its development is based on the ETERNALBLUE tool, which attacks a vulnerability in the Windows SMB protocol. This resource was stolen from the NSA in April by the Shadow Brokers group, so a large part of the digital world has just felt the fire of a military-grade weapon. Secondly, it is necessary to highlight that Microsoft released a patch to neutralize ETERNALBLUE under Security Bulletin MS17-010, rated «critical». The hotfix has been available for all affected systems since last March and, given the severity, Microsoft decided to publish an out-of-band patch for three of its systems without official support: Windows XP, Windows 8 and Windows Server 2003. Fortunately, the security researcher MalwareTech discovered WannaCry's «switch» after taking control of a domain tied to the exploit, and also created a map that helps us visualize the impact of the campaign.

The scope of WannaCry. It spared no one…

The real problem is that, with so many unprotected systems, it is only a matter of time before those responsible modify their code and try again. Recommendations? In theory, the average user running an up-to-date version of Windows should be immune to WannaCry, but let's review four points:

  • If the equivalent of the MS17-010 hotfix for your operating system is not installed, install it now. Windows Server 2003, Windows XP and Windows 8 received, as an «extraordinary exception», a dedicated patch.
  • Tighten the security policies on your routers for TCP ports 139 and 445, historically associated with SMB. In other words, make sure that nothing gets in through there.
  • Disable SMBv1. The process is explained in the MS17-010 bulletin and applies only to Windows Vista onwards. The option is located under the menu item «Turn Windows features on or off» in «Programs» within the Control Panel.
  • Explore an anti-ransomware option to complement traditional antivirus applications.
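
The following PowerShell script is an added example, not part of the original article: it audits a single machine against the first three points and, only when asked, disables SMBv1 and blocks inbound SMB on the host firewall. It assumes Windows 8.1 or later and an elevated prompt; the `-KbIds` and `-Remediate` parameter names and the firewall rule name are made up for illustration, and the KB numbers must be taken from the MS17-010 bulletin for your operating system.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# -KbIds: the KB numbers the MS17-010 bulletin lists for your OS (none are
#         hard-coded here; the article does not give them).
# -Remediate: hypothetical switch name; without it the script only reports.
param([string[]]$KbIds = @(), [switch]$Remediate)

$report = [ordered]@{}

# Point 1: is one of the supplied MS17-010 updates installed? A later
# cumulative update can supersede it, so "False" means "verify", not "vulnerable".
if ($KbIds.Count -gt 0) {
    $found = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)
    $report.Ms17010UpdateFound = ($found.Count -gt 0)
}

# Point 3: SMBv1 state, both the server setting and the optional feature
# (the same feature the Control Panel checkbox toggles).
$report.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
$report.Smb1FeatureState  = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State

# Point 2, host side: is this machine listening on TCP 139/445, and which
# enabled inbound allow rules name those ports explicitly? (Rules whose port
# is "Any" are not listed here and deserve a separate look.)
$listen = Get-NetTCPConnection -State Listen -LocalPort 139,445 -ErrorAction SilentlyContinue
$report.ListeningPorts = ($listen.LocalPort | Sort-Object -Unique) -join ','
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'TCP' -and ($f.LocalPort -match '^(139|445)$')
    }
$report.InboundAllowRules = ($rules.DisplayName | Sort-Object -Unique) -join '; '

[pscustomobject]$report | Format-List

if ($Remediate) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    # Host-firewall complement to the router policy; Public profile only so
    # file sharing on trusted networks is not cut off. Rule name is made up.
    New-NetFirewallRule -DisplayName 'Example: block inbound SMB' -Direction Inbound `
        -Protocol TCP -LocalPort 139,445 -Action Block -Profile Public | Out-Null
    Write-Output 'SMBv1 disabled; restart to finish removing the feature.'
}
```

Run it once without `-Remediate` to see what would change; old devices that only speak SMBv1 will stop connecting once it is disabled.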
