What you should know and do if attacked.
Countless news reports have documented the outbreak of ransomware WCry, also referred to as WNCry, WannaCry, WanaCrypt0r or Wana Decrypt0r, which is spreading globally.
The ransomware locks all the data in a victim’s computer system, and has been demanding payments starting from US$300 in bitcoins to restore access. It further demands that the ransom be paid within a defined time period, failing which the demand increases or the data is completely destroyed.
How is it spreading?
Like many ransomware attacks, this one often starts with email attachments that are inadvertently opened. Initial assessments suggest that once a recipient’s computer is infected, the ransomware spreads through a remote code execution vulnerability in Microsoft Windows computers: MS17-010. The encryption is carried out with RSA-2048, which makes decryption of the data extremely difficult or near impossible.
The vulnerability MS17-010 is also known as ETERNALBLUE, for which a patch is available.
Immediate measures
We advise that users should take precautionary measures by:
Additional communications / reminders to your organization’s users would help with prevention.
In addition, administrators should monitor their network, system, media, and logs for any malicious software, possible exfiltration of data, abnormal behaviour or unauthorized network connections.
After proper testing, Windows machines in your environment should be patched with the update released by Microsoft in March 2017 as part of MS17-010 / CVE-2017-0147.