Alert: WannaCry Ransomware

May 15th, 2017
Alert: WannaCry Ransomware

What is the purpose of this alert?

By now you may have heard about the reported ransomware attack reported in Europe last week and which goes by the name of WannaCrypt, WannaCry, WannaCryptor, or Wcry.

The bottom line is that if your organization is currently running currently supported operating systems like Windows 10 and it is up to date in OS patches and virus definitions you should be OK against this threat.  Otherwise, please make sure you have a plan of protection and action for your computer devices and contact us if you feel you need outside assistance for assessment or remediation support.  Below you will find reference information that you can take action internally or with your IT provider of choice.

Summary

Today many organizations around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software.  Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect  customers. Microsoft is using the MSRC blog - Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat.

The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.

Malware Detection

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/WannaCrypt.

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.

Recommendations

Review the Microsoft Security Response Center (MSRC) blog at Customer Guidance for WannaCrypt Attacks for an overview of the issue, details of the malware, suggested actions, and links to additional resources.

Keep systems up-to-date. Specifically, for this issue, ensure Microsoft Security Bulletin MS17-010 Security Update for Microsoft Windows SMB Server is installed.

Customers who believe they are affected can contact Team Venti at http://support.teamventi.com or contact Microsoft's Customer Service and Support by using any method found at this location: https://support.microsoft.com/gp/contactus81?Audience=Commercial.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

Additional Resources