As you have likely heard by now, a new variant of the WannaCry ransomware has been actively distributed since Friday, May 12, 2017. This variant appears to use SMB to spread very quickly throughout an organization once any user opens the infected file. We are hearing from our threat intelligence vendors that it is very widespread and has already impacted a number of organizations. If you haven’t installed the patch referenced below, we would strongly urge you to do so as soon as possible.
Most firewall vendors have protections for the above vulnerability. We would suggest making sure that any firewall vendor-specific protections are in place. While this won’t help with lateral movement, it will help with any north-south traffic and may also help identify systems that are vulnerable to infection.
NG Firewall / Barracuda Firewall is able to detect the ransomware via the following options:
– IPS has been blocking traffic that exploits the Microsoft vulnerability MS17-010 since 21st April 2017 with DB version 6.348 and higher (IPS ID: 1133635)
– AV Scanner Avira has been detecting the file since 12th May 10:18 PM GMT+2 with pattern version 7.14.06.158
– ATD would detect the affected files as well if the customer’s AV patterns are outdated and ATD is enabled
The following are some articles/news regarding this latest ransomware attack:
Ransomware attack: The second wave is coming, so get ready now
How to protect yourself from the massive ransomware attack
Massive cyberattack targeting 99 countries causes sweeping havoc
How to avoid being caught out by ransomware
Please note that this information is based upon the current state of the WannaCry ransomware variant. If additional strains are found or new information becomes available, additional steps and precautions may need to be taken. No single measure will alleviate every attack, but these are immediate steps to consider if you have not already taken them.
For any IntraSystems customer that has questions regarding this, please feel free to contact IntraSystems support.