Be prepared against WannaCry Ransomware

By: Bridget Day on 17 May 2017

May 2017 has seen the world's biggest cyberattack, affecting at least 150 countries and infecting over 300,000 machines in all types of industries. The food industry needs to be on alert too.

In a recent article we discussed the problem of malware. Over the past couple of days there has been a widespread global outbreak of a new variant of ransomware, known as WannaCry. This cyberattack has affected organisations across the globe, including Renault, FedEx, Nissan, Hitachi, the Russian Central Bank, the National Health System in the UK, and the State Police in India.

Latest information

A large outbreak of ransomware appears to be spreading rapidly across the globe, and it also appears able to spread internally within a network once the first host is compromised. The new variant of malware is known as WannaCry 2.0 and encrypts files with the .wncry extension.

Technical info

This variant of ransomware is reported to be spreading via the SMB protocol and is believed to be using the MS17-010 vulnerability that was linked with the Shadow Brokers exploit EternalBlue. This exploit enables Remote Code Execution (RCE) by sending a specially crafted message to devices using SMB. The full Microsoft advisory is available here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

The importance of this delivery method is that it enables the attackers to compromise a single machine on a network and then laterally deploy large amounts of ransomware within that estate, using a P2P infrastructure, which can have a large, damaging impact on a computer network.

Recommendations:

  • Run updates - The latest Microsoft security patches should be applied to your computers in line with your patching strategy.

  • Review policies - If you use network and host-based firewall rules, use stricter policies on all systems to prevent malware from spreading laterally within your computer network.

  • Update your Antivirus - this will offer some level of protection if the malware used already has existing signatures. For newer variants of malware, however, it is suggested that dedicated ransomware protection be deployed that will actively detect and block processes seen encrypting files.

  • Avoid suspicious emails - on a personal level, be more vigilant and avoid anything that looks suspicious or is not recognised.

  • Backup - companies which have backed up data can recover from attacks like this, and will not be held to ransom. Those which have not are at risk of severe implications for their company's operations.
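
To illustrate the kind of behavioural detection the antivirus recommendation above describes, the following Python example (added here, not part of the original article or of any vendor's product) flags a process that writes several files with the .wncry extension within a short time. The log format, host and process names, and the window and threshold values are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RANSOM_EXT = ".wncry"           # extension this article reports for encrypted files
WINDOW = timedelta(seconds=10)  # assumed tuning values, not taken from the article
THRESHOLD = 3

# Constructed sample log, one event per line: timestamp host pid process path-written
SAMPLE_EVENTS = r"""
2017-05-12T09:00:01 PC-014 4120 winword.exe C:\Users\amy\Docs\haccp plan.docx
2017-05-12T09:00:02 PC-022 3388 sample.exe C:\Users\bob\Docs\audit.xlsx.WNCRY
2017-05-12T09:00:03 PC-022 3388 sample.exe C:\Users\bob\Docs\recipes.docx.WNCRY
2017-05-12T09:00:03 PC-031 2040 explorer.exe C:\Temp\old-sample.wncry
2017-05-12T09:00:04 PC-022 3388 sample.exe C:\Users\bob\Docs\suppliers.csv.wncry
2017-05-12T09:00:05 PC-022 3388 sample.exe C:\Users\bob\Pictures\label.png.WNCRY
2017-05-12T09:05:00 PC-031 2040 explorer.exe C:\Temp\copy of old-sample.wncry
"""

def parse(line):
    """Split one event line; the path is the last field and may contain spaces."""
    ts, host, pid, proc, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, int(pid), proc, path

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, pid) that writes at least `threshold` files
    ending in RANSOM_EXT (case-insensitive) inside the sliding window."""
    recent = defaultdict(deque)  # (host, pid) -> timestamps of matching writes
    alerted, alerts = set(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, host, pid, proc, path = parse(line)
        if not path.lower().endswith(RANSOM_EXT):
            continue
        key = (host, pid)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop writes that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "pid": pid, "process": proc,
                           "time": ts.isoformat(), "files_in_window": len(q)})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT", alert)
```

A single file with the extension, such as a sample copied by hand, does not trigger an alert; only a burst from one process does.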

For an overview of how to protect your company from ransomware, or for a comprehensive overview on implementing a backup plan, please refer to these articles on our web page:

Ransomware - Rate your Risk

Data Backup - A Recipe to Avert Disaster

Many thanks to our Technical Expert, Carel Krogh, for updating us on this threat and providing the information to help us protect our businesses against this attack.