IntraSystems Warning About Recent “WannaCry” Ransomware

As you have heard by now, a new variant of the WannaCry ransomware has been actively distributed since Friday, May 12, 2017. This variant appears to use SMB to spread very quickly throughout an organization once any user opens the infected file. We are hearing from our threat intelligence vendors that it is very widespread and has already impacted a number of organizations. If you haven’t installed the patch referenced below, we strongly urge you to do so as soon as possible.

https://technet.microsoft.com/library/security/ms17-010

Most firewall vendors have protections for the above vulnerability. We suggest making sure that any firewall-vendor-specific protections are in place. While this won’t help with lateral movement, it will help with any north-south traffic and may also help identify systems that are vulnerable to infection.

Check Point:
https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-0177.html

Fortinet:
http://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware

SonicWall:
https://blog.sonicwall.com/2017/05/sonicwall-protects-customers-latest-massive-wannacry-ransomware-attack/

Juniper:
https://forums.juniper.net/t5/Security-Now/Rapid-Response-The-WannaCry-Ransomware-Outbreak/ba-p/307835

Barracuda:
NG Firewall / Barracuda Firewall is able to detect the ransomware via the following options:
– IPS has been blocking traffic that uses the Microsoft vulnerability MS17-010 since 21st April 2017, with DB version 6.348 and higher (IPS ID: 1133635)
– The Avira AV scanner has been detecting the file since 12th May, 10:18 PM GMT+2, with pattern version 7.14.06.158
– ATD would detect the affected files as well, in case the customer’s AV patterns are outdated and ATD is enabled

From US-CERT:
https://www.us-cert.gov/ncas/alerts/TA17-117A

The following are some articles/news regarding this latest ransomware attack:

Ransomware attack: The second wave is coming, so get ready now
http://www.zdnet.com/article/ransomware-attack-the-second-wave-is-coming-so-get-ready-now/

How to protect yourself from the massive ransomware attack
http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/

Massive cyberattack targeting 99 countries causes sweeping havoc
http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/

How to avoid being caught out by ransomware
http://www.computerweekly.com/feature/How-to-avoid-being-caught-out-by-ransomware

Please note that this information is based upon the current state of the WannaCry ransomware variant. If additional strains are found or new information becomes available, additional steps and precautions may need to be taken. No one thing may alleviate every attack, but these are immediate steps to consider if you have not already done so.

For any IntraSystems customer that has questions regarding this, please feel free to contact IntraSystems support.

Written by

Since 1996, IntraSystems has empowered companies to deliver secure, on-demand access, anytime, anywhere. By assisting in the design, installation, security, and maintenance of networked technologies, IntraSystems enables corporations to focus on business growth while utilizing new technologies to enhance corporate productivity. Recommending, customizing, and implementing IT configurations form the backbone of our key strengths. It's an approach that works well in everyday situations and it's precisely what drives our success.