A post about an alert I received first from AlienVault, and then from everybody. There is a new crypto-ransomware variant called WannaCry that takes advantage of a recent Microsoft vulnerability that was patched back on March 14. If your computers have not been updated with MS17-010, they are vulnerable. Microsoft considers this vulnerability significant enough to release the patch for Windows XP, even though official support ended over two years ago. If you take immediate action to install MS17-010, you can protect your network from this threat.
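One way to check a list of Windows hosts for the MS17-010 update, as an added example that is not part of the original post. The function name `Test-Ms17010Patch`, the host names and the KB IDs in the usage comment are hypothetical placeholders; take the real KB IDs for your Windows versions from Microsoft's MS17-010 bulletin. It assumes PowerShell 3.0 or later on the machine running the check.

```powershell
# Added example: report, per host, whether any of the supplied MS17-010 KB IDs
# is installed. The KB IDs are an input because this page does not list them.
function Test-Ms17010Patch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string[]] $ComputerName,
        [Parameter(Mandatory = $true)] [string[]] $KbIds
    )
    foreach ($computer in $ComputerName) {
        $status = 'NotFound'
        $found  = @()
        try {
            # List every installed hotfix once and filter locally. Get-HotFix -Id
            # raises an error when the ID is absent, which would be hard to tell
            # apart from a connection failure in the catch block below.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $found = @($installed |
                Where-Object { $KbIds -contains $_.HotFixID } |
                Select-Object -ExpandProperty HotFixID)
            if ($found.Count -gt 0) { $status = 'Patched' }
        }
        catch {
            # Unreachable or access denied: the patch state is unknown, so the
            # host is reported separately instead of being counted as patched.
            $status = 'Unreachable'
        }
        [pscustomobject]@{
            ComputerName = $computer
            Status       = $status
            MatchedKb    = $found -join ','
        }
    }
}

# Usage (hypothetical host names, placeholder KB IDs):
# Test-Ms17010Patch -ComputerName 'ws01','ws02' -KbIds 'KB0000000','KB0000001' |
#     Where-Object { $_.Status -ne 'Patched' }
```

`NotFound` only means none of the listed IDs is installed. A later cumulative update that supersedes the original patch will not match unless its ID is in the list too.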
This ransomware employs a worm component to spread, which means it will hop from system to system once installed on a network-attached computer. Once files have been encrypted, it presents a ransom demand for $300 in Bitcoin. See the image that follows.
This ransomware was first reported by AlienVault on May 12. AlienVault is a unified threat management platform that I recommend. At CIT, we provide managed security services for our clients using the AlienVault platform. For more information, check the links below.
- Whitepaper: Detecting Ransomware with Unified Security
- WannaCry IoC’s from the Open Threat Exchange
- Blog Post: Ransomware Prevention Strategies
- US-CERT Alert (TA17-132A) Indicators Associated With WannaCry Ransomware