OSAE Member thinkCSC has been closely tracking a global ransomware attack called “WannaCry” that was initiated last Friday and has impacted organizations in at least 150 countries. The attack began in the United Kingdom (UK), where it shut down several hospitals, and then spread to Spain. It has now spread globally to organizations of all sizes in all industries, including those in the United States.
Please note that organizations with network visibility and a comprehensive patching program are protected and will be able to defend themselves against WannaCry. This ransomware spreads through an organization’s network by taking advantage of vulnerabilities in Windows Server Message Block (SMB). Targeted organizations are those that failed to deploy the patches Microsoft had released to protect against these vulnerabilities.
To learn more about the SMB security patches and software vulnerabilities, see Microsoft Security Bulletin MS17-010: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
What Happens When WannaCry Ransomware Attacks?
When WannaCry ransomware is deployed, it encrypts files and demands a ransom of $300 in Bitcoin. thinkCSC urges organizations not to pay the ransom, as payment has not resulted in a release of the encrypted files.
thinkCSC Coverage:
The thinkCSC team is actively monitoring the situation.
All thinkCSC Managed Services Clients have patches in place against exploitation attempts targeting the Windows SMB vulnerability, as well as IPS network detection for the WannaCry ransomware. Keep in mind: This is an ongoing campaign, and thinkCSC is regularly updating its detection capabilities. Additionally, thinkCSC is keeping a close eye on customer networks as events unfold.
Recommended Courses of Action:
thinkCSC recommends all organizations take the following actions:
While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all organizations (businesses of all sizes, government entities, schools, hospitals and others) to invest in stronger IT security that includes offsite backup and recovery. These protections, combined with ongoing staff training, strict security policies and constant vigilance, are an absolute necessity in today's cyber-environment.