The DCU released bulletin B-17-12 regarding the recent WannaCry Ransomware.
WannaCry Ransomware Exploit
As you probably are aware, a widespread ransomware campaign is affecting various organizations with reports of a large number of infections in many countries, including the United States. Currently, the latest version of this ransomware variant is recognized as WannaCry, WCry, or Wanna Decryptor.
Per the United States Computer Emergency Readiness Team (US-CERT) alert TA17-132A (link provided below), revised May 15, 2017, initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Additionally, Microsoft released patches for the Windows XP, Windows 8, and Windows Server 2003 operating systems on May 13, 2017. According to open sources, one possible infection vector is via phishing emails.
The recommended step for prevention is to ensure that the Microsoft security patch for the MS17-010 SMB vulnerability, dated March 14, 2017, is applied.
See the associated US-CERT alerts for additional information.
Below are some relevant publications to provide further assistance in addressing WannaCry Ransomware:
- Federal Government Interagency Guidance on Ransomware
- FFIEC Joint Statement on Destructive Malware
- FFIEC Joint Statement on Cyber Attacks Involving Extortion