Ninety-nine countries around the world, including the U.S., were managing the spread of the vicious WannaCry ransomware on Saturday after the virus brought much of global technology to a standstill on Friday. WannaCry is believed to use an exploit developed by the U.S. National Security Agency to attack computers running Microsoft Windows operating systems. Although a patch removing the underlying vulnerability had been issued on 14 March 2017, delays in applying security updates left some users and organizations vulnerable. Microsoft has taken the unusual step of releasing updates for the unsupported Windows XP and Windows Server 2003, along with patches for Windows 8 operating systems. The spread of the malware has slowed down for now; however, newer versions of the WannaCry ransomware may appear.
It is not an “attack” in the sense of intentionally chosen targets: the ransomware does not discriminate between machines, and any susceptible network is being hit. It is a reminder to keep our software up to date and to do regular housekeeping. On the technical side, it exploits vulnerability MS17-010 in Microsoft’s implementation of the Server Message Block (SMB) protocol. After gaining access to a computer, whether via the LAN, an email attachment or a drive-by download, the ransomware encrypts the computer’s hard disk drive, then attempts to exploit the SMB vulnerability to spread to random computers on the Internet and “laterally” between computers on the same LAN. The patch released by Microsoft fixes the implementation of the SMB protocol used by Windows. Microsoft has also been advising people to stop using the old SMB1 protocol and to use the newer, more secure SMB3 protocol instead.
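One way to check a Windows host against the SMB1 advice above, as an added example that is not part of the original article or of Microsoft's advisory. The function name `Get-Smb1Status` and the `-Disable` switch are names chosen here, and the script does not check whether the MS17-010 patch itself is installed.

```powershell
# Added example: report SMB1 status on this host and optionally turn it off.
# Run in an elevated PowerShell session on Windows 8 / Server 2012 or later.
param(
    [switch]$Disable   # name chosen for this example: disable SMB1 if it is found
)

function Get-Smb1Status {
    # Server side: will this host accept inbound SMB1 sessions?
    $server = Get-SmbServerConfiguration

    # Component: is the SMB1 optional feature present? Not every edition
    # exposes it under this name, so a failed lookup is reported, not fatal.
    $state = 'NotAvailable'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $state = [string]$feature.State
    } catch {
        Write-Verbose "SMB1Protocol feature lookup failed: $_"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol
        Smb2ServerEnabled = [bool]$server.EnableSMB2Protocol   # this setting also covers SMB3
        Smb1FeatureState  = $state
    }
}

$status = Get-Smb1Status
$status | Format-List

$smb1Present = ($status.Smb1ServerEnabled) -or ($status.Smb1FeatureState -eq 'Enabled')
if (-not $smb1Present) {
    Write-Output 'SMB1 is already off on this host.'
} elseif (-not $Disable) {
    Write-Warning 'SMB1 is still enabled. Re-run with -Disable to turn it off.'
} elseif (-not $status.Smb2ServerEnabled) {
    # Turning SMB1 off while SMB2/3 is also off would stop all file sharing.
    Write-Warning 'SMB2/3 is disabled on this host; enable it before removing SMB1.'
} else {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($status.Smb1FeatureState -eq 'Enabled') {
        # Removes the SMB1 components; takes effect after a reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1Status | Format-List
}
```

Run it without arguments first to see the report; devices that only speak SMB1, such as older printers or NAS units, will lose access once it is disabled.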
The most important step most users can take, more important than owning antivirus protection, is to keep all software up to date all the time. Most ransomware works by encrypting files and charging users for the decryption key. If users regularly back up files, this tactic won’t be as effective.
Here is the link to the Microsoft advisory on the WannaCry ransomware attack.