Wannacry Ransomware Report
This Post details the implications and status of the Wannacry Ransomware outbreak that has just been discovered/reported.
What is this about?
A new wave of ransomware attacks are occurring globally, locking users out of business critical files and systems until a ransom is paid. This is a serious security issue that has a widespread global coverage.
The WannaCry ransomware attack is an ongoing cyberattack of the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware computer worm, targeting the Microsoft Windows operating system. The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in over 150 countries, with the software demanding ransom payments in the crypto-currency bitcoin in 28 languages.
Additional technical details about the issue can be found at US-CERT Alert (TA17-132A).
When was a “fix” released?
Microsoft released a security update on 14 March 2017 that addressed one of the key attack vectors for this outbreak.
Microsoft have also recently released further updates that address other attack vectors. One of the attack vectors identified for the recent outbreak of ransomware is email. While all emails to customers on Mach email services are scanned for malicious content, a small percentage of malicious email inevitably does make it through.
What has Mach done?
Mach Technology installs all updates on Windows Servers automatically and monitors for successful update installation – all a part of our Managed Services.
Nonetheless, as soon as the outbreak was known Mach proactively audited all customer Windows Servers and can confirm that they have this critical Microsoft update installed as expected.
No known issues have arisen as a result of this Ransomware outbreak in any Mach-managed infrastructure.
Furthermore, Customers who have purchased our TMV (Time Machine Vault) and VMS (Virtual Machine Snapshot) products have technically-independent escrow backups that cannot be affected and provide superior data-recovery/rollback capabilities.
What should Customers do?
Mach urges all customers to:
- Regularly shut down desktop and laptop computers and install available Microsoft updates
- Educate staff in the need to be suspicious of unsolicited email messages, even if they appear to be from reputed organisations
- Contact Mach immediately if anything suspicious encountered.