The Wannacry Ransomware Attack of May 2017

In News, patch, Security, Viruses by Tim Miller

There’s been a lot of talk, maybe too much talk, about the Wannacry Ransomware Attack of May 2017 (apologies to the world’s greatest band, U2).

I will distil some information here – critical to businesses – and provide links for those who want to read more.

The background

Microsoft’s operating systems, Windows XP (no longer supported), Vista (no longer supported), Windows 7, Windows 8, 8.1 (no longer supported) and 8.1 Update, Windows 10 (all three versions), Windows Server 2012 and Server 2016, all had a security vulnerability. This was discovered and a patch was provided by Microsoft. By default this is publicly announced, as it must be.

A hacker (or hackers) wrote a ransomware virus taking advantage of this vulnerability within a few days, and machines that were not patched against it were compromised. The ransomware locks up the computer and requires bitcoin payments for the user to gain control again.

Thousands of machines were infected, and without the next bit the story would have got a lot worse.

An IT researcher analysed the code and discovered a killswitch inside it. Essentially, the code checked whether a particular domain name existed, and if it did, the code stopped and didn’t execute. The domain name appeared to be constructed of letters that had been generated by a random mash of the keyboard. The researcher looked for the domain, discovered it didn’t exist and promptly registered it. And that was it. The attack was stopped in its tracks.
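Because the code looks up the killswitch domain when it runs, DNS query logs show which machines it ran on. The script below is an added example, not part of the original post: it scans a log for lookups of that domain and summarises them per client. The domain name, the log format and the sample lines are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Placeholder: substitute the real killswitch domain from a trusted advisory.
KILLSWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample: "<ISO timestamp> <client IP> <query type> <query name>"
SAMPLE_LOG = """\
2017-05-12T08:01:11 10.0.4.17 A www.example.org.
2017-05-12T08:03:40 10.0.4.23 A KillSwitch-Placeholder.example.
2017-05-12T08:03:41 10.0.4.23 AAAA killswitch-placeholder.example
2017-05-12T08:09:02 10.0.7.5 A www.killswitch-placeholder.example.
garbled line without enough fields
2017-05-12T09:15:27 10.0.4.23 A killswitch-placeholder.example.
2017-05-12T09:20:00 10.0.9.9 A notkillswitch-placeholder.example.
"""


def is_killswitch(name, domains=KILLSWITCH_DOMAINS):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    name = name.strip().rstrip(".").lower()  # case-insensitive, drop root dot
    return any(name == d or name.endswith("." + d) for d in domains)


def find_lookups(log_text, domains=KILLSWITCH_DOMAINS):
    """Return {client_ip: {"count", "first", "last"}} for killswitch lookups."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        stamp, client, _qtype, qname = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp: treat the line as malformed
        if not is_killswitch(qname, domains):
            continue
        rec = hits[client]
        rec["count"] += 1
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(hits)


if __name__ == "__main__":
    for client, rec in sorted(find_lookups(SAMPLE_LOG).items()):
        print(client, rec["count"], rec["first"], rec["last"])
```

Any client this reports is a candidate for isolation and a patch check; a lookup shows only that something on that machine asked for the name.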

Are we safe?

The short answer is: if you are patched, yes; if not, no.

The moral of the story is to take security patches from Microsoft seriously. Businesses cannot afford to have their systems and data frozen by this sort of ransomware. The loss of productivity is enormous, let alone the cost of removing / cleaning viruses.

Links to the news and analysis etc.

Everything you want to know – by one of Australia’s leading security experts, Troy Hunt

The actual notification by Microsoft of patch MS17-010 – use this to identify the specific KB patch number for your operating system version.

Security Ops Response to Wannacry by BMC