[At-Large] Massive Ransomware "WannaCry"

Salanieta T. Tamanikaiwaimaro salanieta.tamanikaiwaimaro at gmail.com
Sun May 14 19:16:29 UTC 2017


Dear All,

Apologies for sending this 3 days late, some may have already sent through
the warning and if you are receiving this in duplicate, apologies. I didn't
read all my emails until this morning.
Please take caution in relation to the nasty ransomware that's affected the
masses. This was sent to me by Wisdom Donkor 2 days ago so I thought I
would share it.



MESSAGE FROM CERT GHANA

On May 12, at about 5:00 pm GMT, a massive ransomware hit
computer systems of hundreds of private companies and public organizations
across the world which is believed to have the highest infection rate of
all time.
The ransomware in question has been identified as a variant of
ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor'
or 'WCRY').

Like other dangerous ransomware variants, WannaCry also blocks access to
a computer or its files and demands money to unlock it.

Once infected with the WannaCry ransomware, victims are asked to pay up
to $300 in order to remove the infection from their PCs; otherwise,
their PCs are rendered unusable, and their files remain locked.

WannaCry attackers use a Windows exploit detected and tested by the NSA
called EternalBlue, which was stolen and released by the Shadow Brokers
hacking group over a month ago.

Microsoft released a patch for the vulnerability in March (MS17-010),
but many users and organizations who did not patch their systems are open
to attacks.

The exploit has the capability to penetrate into machines running unpatched
versions of Windows by exploiting flaws in Microsoft Windows SMB Server.
This is why the WannaCry ransomware is spreading at an astonishing pace.
Once a single computer in your organization is hit by the WannaCry
ransomware, the worm looks for other vulnerable computers and infects
them as well.

In just a few hours, the ransomware targeted over 45,000 computers in 74
countries, including the United States, Russia, Germany, Turkey, Italy, the Philippines
and Vietnam, and the number was still growing.

A screenshot detailing the nations attacked is attached to this email.

The ransomware's actual mode by which it initiates and spreads itself on
networks has not been discovered but, like other ransomware variants, malicious
links and emails are most likely the culprit.

CERT-GH recommends users and system admins:

1. Take all Windows OS systems off the internet and off the network.
2. Create a backup of all files needed.
3. Store backup in an air-gapped location.
4. Download Windows update (KB4019472) in a sandbox environment.
5. Install the update without connecting to a network/internet.
6. After the update, the system can be connected to the internet.

Kind Regards


CERT-GHANA












-- 

*Salanieta Tamanikaiwaimaro aka Sala T*

*P. O. Box 17862*

*Suva*


*Republic of Fiji*

*Cell: +679 7656770; *

*Home: +679 3362003*
*Twitter: @SalanietaT*




*"You will never do anything in this world without courage. It is the
greatest quality of the mind next to honour." Aristotle*