The following provides information regarding the cyber-attack that took place on Friday, May 12, 2017 known as the WanaCry/WanaCrypt0r ransomware. We also wanted to update you on Atmosera’s readiness to deal with this threat.
Overview of the Threat
On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCry/WanaCryt0r ransomware. These attacks reportedly impacted systems of public and private organizations worldwide.
While the initial infection vector for WanaCry/WanaCryt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows Operating Systems (OS).
This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017 and was addressed by Microsoft in March 2017 with MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx).
Microsoft Security Update and Patch
Microsoft published a post on protections from the WanaCry/WanaCrypt0r attacks here (https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/), and has taken the step of providing patches for version of Windows software that are no longer supported, including Windows XP. Organizations that have applied the MS17-010 update are not at risk for the spread of the WanaCry/WanaCrypt0r ransomware across the network.
Atmosera Response for Customers with Managed OS Services
Atmosera’s Operations team patched and remediated the vulnerability that was used in this attack for all customers with OS Managed Services when Microsoft last released patches. Atmosera strongly encourages all customers to deploy the Microsoft security update, as well as all other critical and high security updates, with urgency to all systems not managed by Atmosera.
For Atmosera Customers Who Manage their Own OS
This is a serious threat which needs to be mitigated immediately. Since WanaCry/WanaCrypt0 targets a remotely exploitable vulnerability in a network component that is now under active attack, Atmosera strongly encourages all customers to deploy the Microsoft security update, as well as all other critical and high security updates, with urgency.
- Microsoft Security Bulletin MS17-010: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Microsoft Guidance: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- Atmosera Managed OS Data Sheet: http://bit.ly/1HR3KKZ