WannaCry Ransomware Strikes Worldwide

Computers and networks around the world fell victim to WannaCry ransomware over the past two days. The attack successfully shut down hospitals, transit systems, and businesses in every point of the globe. The threat significantly affected the United Kingdom, Taiwan, Chile and Japan.

Last year, hackers announced that they had hacked and downloaded tools from the NSA. One of the tools acquired utilizes a vulnerability to attack (code named EternalBlue).

The vulnerability drops a file on the vulnerable system which executes as a service. The service then drops the actual ransomware file onto the affected system, encrypting files with the .WNCRY extension. A separate component file for displaying the ransom note would also be dropped.

The ransomware encrypts files with a total of 166 extensions, including those commonly used by Microsoft Office, databases, file archives, multimedia files, and various programming languages.

To spread to other systems, it uses the file that was dropped and runs as a service. The service uses the name “Microsoft Security Center (2.0)“. This service scans for other SMB shares on the network, and uses the EternalBlue vulnerability to spread to other systems.

Figure 3. Added service

Microsoft already patched supported Windows operating systems to address the SMBv1 vulnerability used in this attack in March. Even before that, in September 2016 Microsoft strongly urged users to migrate away from SMBv1, which dates back to the early 1990s. US-CERT issued similarly strong recommendations as well. Organizations that had followed best practices—both in patching and in proper configuration of SMB services—would not be affected by this attack.

The infected machines either do not have the patch installed or still operate the Windows XP, Vista, or Windows 8 operating systems.

In the wake of the largest ransomware attack in the history that has already infected over 114,000 Windows systems worldwide in the last twenty-four hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Microsoft just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions.

Digital Age Solution customers with DAS Safe & Secure contracts do not have to worry!

Our security software identifies and blocks this threat and file encryption regardless of your operating system.

DAS Sync protects against ransomware by keeping file history back-ups on our cloud servers. We can easily recover files for customers.

DAS Remote Monitoring and Management also applies patches to protect our customer’s computers. For outdated systems, we have already pushed the new update to computers.

If you want to be sure your systems are protected with DAS Safe & Secure, contact us to get Safe and Secure.