If ever there was a time to be vigilant online and on networks, it is now. A new strain of the WannaCry ransomware, which recently affected major corporate networks and high-profile organisations across the world, is unprecedented in its scale and severity.
Data management and security specialist firm Redstor advises customers to ensure their Windows environments are patched for the vulnerability this ransomware exploits. The appropriate patch can be downloaded from Microsoft's MS17-010 security bulletin.
Redstor offers more information about the cyber threat that WannaCry represents and what it is capable of.
According to the company, the virus is known as Wanna Decryptor, WannaCry, WanaCrypt0r and WCry, and encrypts users’ files, demanding a $300 payment for access to be restored.
So far, the list of victims includes some of the world’s largest companies, such as Renault, Deutsche Bahn and FedEx, as well as the Russian interior ministry. In Spain, the virus seems to have gained significant traction, infecting Telefonica, Gas Natural and Iberdrola amongst others.
Redstor explains that WCry utilises an exploit originating from the NSA that was leaked by the Shadow Brokers hacking collective in mid-April. The exploit in question, codenamed EternalBlue, targets a vulnerability found in Server Message Block (SMB) code built into all modern versions of Windows.
The exploit provides a means of remotely commandeering computers running Windows.
This vulnerability is present on any Windows version from XP through Server 2012. By combining the EternalBlue exploit with a self-replicating payload, WCry can spread itself in “worm” fashion from vulnerable machine to vulnerable machine across the network.
The result is that after an initial infection, there is no need for emails to be opened or links to be clicked; the virus silently spreads itself without human interaction.
“We’d like to reassure customers who have data residing on the Redstor platform that it is fully patched against this vulnerability. We recommend customers regularly check their backups to ensure all critical data is backed up,” says Danie Marais, director of project management at Redstor.
“We have provided further detail on the vulnerability and security best practice on our latest blog on the topic. We encourage all our customers to read up on the subject; information is your best weapon. At the same time, implementing a new backup solution is no use if data is already infected – a backup may be able to take place but the restore won’t be able to get around the encryption that’s already there. Only by having up-to-date, isolated data backup will your recovery be swift and all traces of the ransomware infection be erased,” Marais explains.