A post about an alert I received first from AlienVault, and then from everybody. There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14. If your computers have not been updated with MS17-010, then those computers are vulnerable. Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over two years ago. If you take immediate action to install MS17-010, you can protect your network from this threat.
This exploit employs a worm component to spread, which means it will hop from system to system once installed on a network attached computer. Once files have been encrypted, the exploit presents a ransom demand for $300 in Bitcoin. See the image that follows.
This exploit was first reported by AlienVault on May 12. AlienVault is a unified threat management platform that I recommend. At CIT, we provide managed security services for our clients using the AlienVault platform. For more information check the links below.
More information:
- Whitepaper: Detecting Ransomware with Unified Security
- WannaCry IoC’s from the Open Threat Exchange
- Blog Post: Ransomware Prevention Strategies
- MS17-010
- US-CERT Alert (TA17-132A) Indicators Associated With WannaCry Ransomware
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com