Categories

Home Uncategorized WannaCry Ransomware

WannaCry Ransomware

Uncategorized By · May 14, 2017 · 0 Comment

WannaCry (or WannaCrypt or Wanna Decryptor)

WannCry is a piece of RansomWare targeting Microsoft Windows machines which encrypts (locks) files on the machines it infects and demand payments for decrypting (unlocking) the files.

Unlike most RansomWare, WannaCry is spreading as a worm using a vulnerability in Windows, this means users don’t have to click anything for the machine to be infected, in fact machines can be infected while no is using the machine.

The weakness was identified in March when hacking tools used by the NSA in the U.S. were obtained by a hacker group. Microsoft released the Patch MS17-010 on the 14th of March to patch the vulnerability. MS17-010 link https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

The patch was only released for supported operated systems, meaning Windows XP, Server 2003 and Windows 8 had no patch available. The group made the hacking tools available online on the 14th April and on Friday the 12th of May WannCry started to spread and infect machines with over 230,000 machines said to be infected by Sunday the 14th of May.

Microsoft released patches on Friday the 12th May for Windows XP, Server 2003 and Windows 8, link: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

On Friday evening the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com was registered by a security researcher who spotted the domain in the code of WannCry and this inadvertently turned out to be a kill switch to stop the worm spreading.

However some ISPs have mistakenly blocked that domain and now researchers are saying they are seeing a version of WannaCry without this kill switch which spreading in the wild.

What actions should users take?

Any systems that have not being patched yet should be updated immediately and restarted once updates complete.  How to enable Windows Updates: https://support.microsoft.com/en-us/help/306525/how-to-configure-and-use-automatic-updates-in-windows

Any systems that can’t be patched for whatever reason should have the SMB V1 feature disabled see https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012?utm_content=bufferf993c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

If you have a number of systems that can’t quickly be patched or have SMB V1 disabled then you should lock down firewalls in front of those machines, blocking TCP Ports 445 and 139 from External access. If you don’t need SMB access outside your local network this should remain in place going forward.

Backups are crucial for many reasons, including as a way to recover from RansomWare, so if you have been hit by WannaCry the best course of action is to restore from backups to systems which are isolated on the network, patch the systems and then restore network access while reviewing firewall policies.

If you have no backups then you will need to rebuild systems and start again, it is not advisable to pay the ransom as there is no guarantee your files will be restored and you are allowing criminals to profit from their actions which encourages more of these types of attacks.

As always users should be educated to know what to look out for in emails and links sent as many forms of RansomWare rely on users to click on a link, this can include emails which are masked to look like they are coming from a colleague, boss or supplier. If ever in any doubt, DO NOT click on any links or open any attachments, consult with your colleagues first.

Any systems running Windows XP or Server 2003 should be replaced by supported operating systems. Any Windows 8 systems should be upgraded to 8.1 as per https://support.microsoft.com/en-ie/help/15288/windows-8-update-to-windows-8-1

Ensure you have anti-virus installed and up to date.

Update the version 2 that has been seen without the killswitch is not spreading as it doesn’t contain that feature.

Related Posts

Starlink Instagram and Facebook fix

Uncategorized By · February 19, 2022 · 0 Comment
Starlink offers high speed broadband in many areas that have no other options and it can provide very high speeds also with over 250mbps download, however despite these very high speeds there is an issue where users trying to access... Read more

Learning the art of saying no

Uncategorized By · December 29, 2019 · 1 Comment
I wrote earlier this year in April about losing over 3 stone and improving my health which included curing my IBS. See http://www.oreilly.ie/losing-3-stone-curing-ibs/ Lots of people have asked me “whats the secret” since I wrote that blog post and my... Read more

Carlow Welcomes 2019 Ploughing

Uncategorized By · September 16, 2019 · 0 Comment
Around 250,000 are expected to descend on Carlow this week for the NPA #Ploughing19. Here are some amazing sights you may not know about. We are so central and would offer a céad míle fáilte if you plan a return... Read more

Losing 3 stone & curing IBS

Uncategorized By · April 15, 2019 · 3 Comments
In June 2017 I weighed almost 14 stone with the scales hitting 13 stone 13 pounds (88KG). I took a photo of myself in front of the mirror and said I needed to change my lifestyle and lose weight. I... Read more

Future of Electric Vehicle Public Charging Infrastructure

Uncategorized By · October 7, 2017 · 0 Comment
“This is a once-in-a-generation, major infrastructure project” That was a sentence recently used by the CER/CRU Commissioner Aoife MacEvilly, but sadly she wasn’t talking about the Infrastructure for Electric Vehicles which will form part of the biggest change in energy... Read more

Electric Picnic 2016 preview

Uncategorized By · September 1, 2016 · 1 Comment
A few aerial photos and quick video from nearby Electric Picnic this morning the day before it kicks off. Taken by Carlow Weather www.carlowweather.com feel free to repost as long as you credit Carlow Weather. Read more

Storm Frank 30th December 2015

Uncategorized By · December 30, 2015 · 0 Comment
Storm Frank Quick post with some photos and video from Tullow and the River Slaney, more detailed post later.   All images and footage owned by Carlow Weather and not to used without credit to Carlow Weather Read more

ESB ECAR Charging plans

Uncategorized By · November 4, 2015 · 3 Comments
Sign Petition to rethink these charges: http://www.ipetitions.com/petition/rethink-ev-charging-costs Electric cars have been around for a few years now and sales have been rather weak but growing. I purchased a Nissan Leaf just over one year ago and the majority of my... Read more

Windows 10 upgrade Outlook can’t send email

Uncategorized By · October 1, 2015 · 0 Comment
After upgrading to Windows 10 many users have reported issues sending emails via Outlook. The resolution is simple however, open a command prompt and run sfc /scannow This runs the Microsoft Windows Resource Checker tool, also know as “System File... Read more

Windows Security These files can’t be opened. Your Internet security settings prevented one or more files from being opened.

Uncategorized By · June 4, 2015 · 0 Comment
On Windows server the error below is shown when you try to open any application: Windows Security These files can’t be opened. Your Internet security settings prevented one or more files from being opened. To Resolve: 1. Create another user... Read more

Leave a Reply

Your email address will not be published. Required fields are marked *