<div dir="ltr"><div>Dear All,</div><div><br></div><div>Apologies for sending this 3 days late, some may have already sent through the warning and if you are receiving this in duplicate, apologies. I didn't read all my emails until this morning.</div><div>Please take caution in relation to the nasty ransomware that's affected the masses. This was sent to my by Wisdom Donkor 2 days ago so I thought I would share it.</div><div><span style="font-family:sans-serif;font-size:medium"><br></span></div><div><span style="font-family:sans-serif;font-size:medium"><br></span></div><div><span style="font-family:sans-serif;font-size:medium"><br></span></div><div><span style="font-family:sans-serif;font-size:medium">MESSAGE FROM CERT GHANA</span></div><div><span style="font-family:sans-serif;font-size:medium"><br></span></div><div><span style="font-family:sans-serif;font-size:medium">On, May 12, at about <span class="gmail-aBn" tabindex="0"><span class="gmail-aQJ">5:00 pm GMT</span></span>, a massive ransomware hit </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">computer systems of hundreds of private companies and public </span><span style="font-family:sans-serif;font-size:medium">organizations across the world which is believed to have the highest </span><span style="font-family:sans-serif;font-size:medium">infection rate of all time.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">The Ransomware in question has been identified as a variant of </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">ransomware known as WannaCry (also known as 'Wana Decrypt0r,' </span><span style="font-family:sans-serif;font-size:medium">'WannaCryptor' or 'WCRY').</span><div style="font-size:13px"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">Like other dangerous ransomware variants, WannaCry also blocks access to </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">a computer or its files and demands money to unlock it.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">Once infected with the WannaCry ransomware, victims are asked to pay up </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">to $300 in order to remove the infection from their PCs; otherwise, </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">their PCs render unusable, and their files remain locked.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">WannaCry attackers use a Windows exploit detected and tested by the NSA </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">called EternalBlue, which was stolen and released by the Shadow Brokers </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">hacking group over a month ago.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">Microsoft released a patch for the vulnerability in March (MS17-010), </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">but many users and organizations who did not patch their systems are </span><span style="font-family:sans-serif;font-size:medium">open to attacks.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">The exploit has the capability to penetrate into machines running </span><span style="font-family:sans-serif;font-size:medium">unpatched version of Windows by exploiting flaws in Microsoft Windows </span><span style="font-family:sans-serif;font-size:medium">SMB Server. This is why the WannaCry ransomware is spreading at an </span><span style="font-family:sans-serif;font-size:medium">astonishing pace.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">Once a single computer in your organization is hit by the WannaCry </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">ransomware, the worm looks for other vulnerable computers and infects </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">them as well.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">In just a few hours, the ransomware targeted over 45,000 computers in 74 </span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">countries, including United States, Russia, Germany, Turkey, Italy, </span><span style="font-family:sans-serif;font-size:medium">Philippines and Vietnam, and that the number was still growing.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">A screenshot of detailing nations attacked are attached in this email.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">The ransomeware's actual mode by which it initiates and spreads itself </span><span style="font-family:sans-serif;font-size:medium">on networks has not been discovered but like other ransomware variant, </span><span style="font-family:sans-serif;font-size:medium">malicious links and emails are most likely the culprit.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">CERT-GH recommends users and system admins:</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">1. Take all windows OS systems off the internet and off the network.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">2. Create a backup of all files needed.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">3. Store backup in an airgapped location.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">4. Download windows update(KB4019472) in a sandbox environment.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">5. Install the update without connecting to a network/internet.</span><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">6. After the update, the system can be connected to the internet.</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">Kind Regards</span><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><br style="font-family:sans-serif;font-size:medium"><span style="font-family:sans-serif;font-size:medium">CERT-GHANA</span></div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><b><span style="color:rgb(12,52,61)"><font size="2">Salanieta Tamanikaiwaimaro aka Sala T<br></font></span></b></div><div><b><span style="color:rgb(12,52,61)"><font size="2">P. O. Box 17862<br></font></span></b></div><div><b><span style="color:rgb(12,52,61)"><font size="2">Suva<br></font></span></b></div><div><b><span style="color:rgb(12,52,61)"><font size="2">Republic of Fiji</font><span><font size="2"><br><br></font></span></span></b></div><div><b><span style="color:rgb(12,52,61)"><font size="2">Cell: +679 7656770; <br></font></span></b></div><div><b><span style="color:rgb(12,52,61)"><font size="2">Home: +679 3362003<br></font></span></b></div><div><span style="color:rgb(0,0,255)"><font size="2"><b><span style="color:rgb(12,52,61)">Twitter: @SalanietaT</span></b><br></font></span></div><div><span style="color:rgb(0,0,255)"><font size="2"><br></font></span></div><div><i><b><font size="4"><span style="color:rgb(116,27,71)"><span style="font-family:garamond,serif"><br></span></span></font></b></i></div><div><i><b><font size="4"><span style="color:rgb(116,27,71)"><span style="font-family:garamond,serif">"You will never do anything in this world without courage. It is the greatest quality of the mind next to honour." <br><br>Aristotle</span></span></font></b></i><br><br></div></div></div></div></div></div></div>
</div>