On Friday, 5/12/2017, the world saw a massive cyberattack that spread globally in a only a matter of minutes.
The initial attack vector has been email, through spam. These messages are typically fake invoices, job offers and other lures which are sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the WannaCry infection.
The attack is then spreading on internal networks using a P2P exploitation of SMB (Server Message Block) known as EternalBlue. The files are being dropped by a worm which abuses SMB, a network file sharing protocol. Other aspects of the malware leverages file-less exploitation techniques, and the malware is morphing rapidly in the wild with over a dozen variants seen thus far.
The file extension used is .wncry, which drops a ransomware notification named: @Please_Read_Me@.txt in common file and folder locations.
IT IS IMPERATIVE THAT YOU BE EXTREMELY VIGILANT IN OPENING EMAIL WITH ATTACHMENTS OR SUSPICOUS LINKS!
The IT team at QUALITY is working extremely hard to ensure all of our clients systems are protected against this latest threat. If you are unsure of an email which contains an email attachment or suspicious link, please take pause and reach out to us for verification.
The most recent variation of the Crypto virus is proving successful in penetrating business systems due to the timing of the new variation and the delay in security vendors to provide updated security files to thwart the attempt. This variation continues to encrypt files on servers through drive mappings present on a computer or set of computers. As has been the case with past variations, typical virus and malware cleaners are unable to detect nor remove the threat. Once the files are infected (encrypted), the only path to a clean system is to restore from a backup solution.
Please be vigilant while working with files, corresponding through email and “surfing the web”. If a file looks suspicious, it most likely is. This latest variation disguises itself as an .mp3 file. Should you receive a file via email with an .mp3 extension, delete the email immediately and without hesitation. If you open a file and find your system compromised, unplug the network cable from your computer right away as a first course of action. Second, shut down your computer and notify our IT help desk.
Attempts to compromise systems will only increase in today’s world. The impact of these sophisticated attempts are real and can be extremely effective. We are doing everything we can to protect our systems but we need everyone’s help. If you are unsure about something, please do not hesitate to reach out and ask for guidance.