There has been an outbreak of ransomware WCry, also referred to as WNCry, WannaCry, WanaCrypt0r or Wana Decrypt0r, which is spreading globally. This ransomware is leading to the following:
- Locks all data on a computer system
- Provides instructions on what to do next, which includes a demand of ransom (typically US$300 ransom in bitcoins)
- Demand includes paying ransom in defined period of time otherwise the demand increases, leading to complete destruction of data
- The encryption is carried with RSA-2048 encryption which makes decryption of data extremely difficult (next to impossible)
How is it spreading?
Like most of the ransomware attacks this is coming through attachments on email and initial assessments are showcasing that once infected the ransomware spreads through a remote code execution vulnerability in Microsoft Windows computers: MS17-010.
The vulnerability MS17-010 is also known as ETERNALBLUE, for which a patch is available.
Ensure few messages are reiterated and additional precautionary measures are undertaken, including:
- Avoid opening emails from unknown sources
- Be wary of unsolicited emails that demand immediate action
- Do not click on links or download email attachments sent from unknown users or which seem suspicious
- All users should be informed to ensure that anti-virus software is updated
- Maintain up-to-date backups of files and regularly verify that the backups can be restored.
- Monitor your network, system, media and logs for any malicious software, possible ex-filtration of data, abnormal behaviour or unauthorized network connections
- Patch Windows machines in your environment (post proper testing). The patch was released in March 2017 as part of MS17-010 / CVE-2017-0147
- Practice safe online behaviour
- Report all incidents to your IT helpdesk, immediately.