-By S Balaji
‘WannaCry’ is undoubtedly the largest ransomware infection in history. Defenders have been running around with their heads on fire trying to get ahead of the infection and to understand the malware’s capabilities. The Wana ransomware became a global epidemic virtually overnight this week, after criminals started distributing copies of the malware with the help of a security vulnerability in Windows that Microsoft had patched in March 2017.
What’s Unique about WannaCry?
There were some unique aspects to the WannaCry attack. Typical ransomware infections happen after the victim clicks on a malicious email attachment or link. In this attack the malware exploited a remote code execution (RCE) vulnerability that allowed it to infect unpatched machines without users having to do anything.
Because of that, it was able to spread in the same rapid fashion as the worm outbreaks common a decade ago, such as Slammer and Conficker. Specifically, WannaCry exploited a Windows vulnerability for which Microsoft had released a patch in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin. Organizations running older, no-longer-supported versions of Windows were particularly hard hit. In fact, Microsoft took the highly unusual step of making a security update for platforms in custom support (such as Windows XP) available to everyone.
The software giant said in a statement:
• Files are encrypted with the .wnry, .wcry, .wncry, and .wncryt extensions.
• End users see a screen with a ransom message.
• End users see the Ransom-WannaCry desktop background.
• On restarting, impacted machines have a blue screen error and cannot start.
• Encryption seen on local host and open SMB shares.
Customers should immediately install the Critical Microsoft Patch MS17-010, to prevent SMB shares from becoming encrypted: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
How Partners Can Avoid a WannaCry Moment:
Here are some simple steps every channel partner should implement at their clients’ offices to escape from the ‘Wanna cry’ moment.
1. Disable SMBv1.
2. Backup your data on a regular basis and be sure to store the backups offline.
3. Limit administrative privileges in the network.
4. Segment your network.
5. You’ll want to ensure all of your Windows environments have been updated as described in Microsoft Security Bulletin MS17-010 – Critical.
6. Microsoft is providing Customer Guidance for WannaCrypt attacks.
7. Microsoft has made the decision to make the Security Update for platforms in custom support only — Windows XP, Windows 8, and Windows Server 2003 — broadly available for download.
8. Make sure all nodes have security software installed and updated.
9. Carry out a periodic security audit and seek the guidance of an expert.
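The checks behind steps 1 and 5 in one script, as an added example that is not the article’s or Microsoft’s own code: it reports whether SMBv1 is still enabled on the host’s server service and whether an MS17-010 hotfix is present, and disables SMBv1 when run with -Remediate. The MS17-010 KB id is a placeholder to be filled in from the bulletin for the host’s Windows version (the article does not list them); the cmdlets and the LanmanServer registry value are Microsoft’s documented ones.

```powershell
# Added example, not from the article or Microsoft: audit one Windows host
# for the two controls the article lists (SMBv1 disabled, MS17-010 installed)
# and optionally remediate the SMBv1 part. Run from an elevated PowerShell.
[CmdletBinding()]
param(
    [switch]$Remediate,
    # Placeholder: the article does not list the MS17-010 KB numbers; take the
    # one(s) for this host's Windows version from the bulletin and put them here.
    [string[]]$Ms17010Kbs = @('KB<fill-in-from-MS17-010-bulletin>')
)

$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older releases (Windows 7 / Server 2008 R2): the registry value; SMBv1 is on when it is absent.
    $v = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

function Test-HotfixInstalled {
    param([string[]]$KbIds)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    # True if any of the expected KB ids is present on this host.
    return [bool]($KbIds | Where-Object { $installed -contains $_ })
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Same setting via the registry, Microsoft's documented method for older hosts.
    Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0 -Force
}

$smb1On  = Get-Smb1ServerEnabled
$patched = Test-HotfixInstalled -KbIds $Ms17010Kbs
Write-Host ("{0,-22}: {1}" -f 'SMBv1 server enabled', $smb1On)
Write-Host ("{0,-22}: {1}" -f 'MS17-010 KB installed', $patched)

if ($Remediate -and $smb1On) {
    Disable-Smb1Server
    Write-Host 'SMBv1 disabled on the server service (reboot older hosts for the registry change to apply).'
}
```

A host that reports SMBv1 enabled and no MS17-010 KB is exposed to exactly the propagation path the article describes; the script only touches the server-side setting, so removing the SMB1Protocol feature or client remains a separate step.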
(The author is the chief architect of Coimbatore based Vyapini Tech Services and can be reached at firstname.lastname@example.org)
[Disclaimer: The views expressed in this article are solely those of the author and do not necessarily represent or reflect the views of Trivone Media Network or ChannelTimes.]