On 12 May 2017, a massive ransomware attack called WannaCry was unleashed, and it has disrupted business operations for both public and private organisations on multiple continents, with the NHS in the UK probably being one of the highest-profile victims to date. If you are infected, you will find this flavour of ransomware to be highly virulent, spreading rapidly across your corporate network.
How WannaCry Works
WannaCry has the same method of infection as other ransomware (email attachments and links). The malware then exploits a Microsoft Windows vulnerability in the Microsoft Server Message Block (SMB) v1.0 protocol. Once you are infected, this strain of ransomware spreads laterally on your network by exploiting the SMB file sharing protocol on TCP ports 139 and 445, with the payload having the capability to scan external IP ranges and further spread the infection.
Microsoft released a critical security patch, MS17-010, for this vulnerability in its March Security Bulletin and has been very actively communicating customer guidance in its blogs since then. Given the severity and virulent nature of this attack, Microsoft has also now released emergency patches for older, unsupported operating systems like Windows XP, the operating system that has been affected the most.
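The SMB spread described above leaves a recognisable network pattern: one host contacting many distinct peers on TCP 139/445, sometimes including addresses outside the organisation. The following is an added example, not code from the original article; the flow-record format, the fan-out threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}        # the ports the article names for SMB spread
FANOUT_THRESHOLD = 5          # assumed value; tune to your own baseline
INTERNAL_NETS = [ipaddress.ip_network(n)   # RFC 1918 ranges treated as "inside"
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = "\n".join(
    [f"2017-05-12T09:00:{i:02d} 10.0.5.23 10.0.5.{i} 445" for i in range(1, 7)]
    + ["2017-05-12T09:01:00 10.0.5.23 198.51.100.7 445",
       "2017-05-12T09:01:01 10.0.5.23 203.0.113.9 445",
       "2017-05-12T09:02:00 10.0.5.40 10.0.1.10 445",    # normal file-server use
       "2017-05-12T09:02:05 10.0.5.40 10.0.1.11 139",
       "2017-05-12T09:02:09 10.0.5.40 198.51.100.7 443",  # not SMB, ignored
       "truncated line"])

def parse_flows(text):
    """Yield (src, dst_address, dport) for each well-formed record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[1], ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue  # unparseable address or port

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def smb_fanout(text, threshold=FANOUT_THRESHOLD):
    """Map each suspicious source to its distinct internal/external SMB peers."""
    peers = defaultdict(lambda: {"internal": set(), "external": set()})
    for src, dst, dport in parse_flows(text):
        if dport in SMB_PORTS:
            peers[src]["internal" if is_internal(dst) else "external"].add(dst)
    findings = {}
    for src, p in peers.items():
        n_int, n_ext = len(p["internal"]), len(p["external"])
        # Flag wide SMB fan-out, or any SMB leaving the internal ranges.
        if n_int + n_ext >= threshold or n_ext:
            findings[src] = {"internal": n_int, "external": n_ext}
    return findings

if __name__ == "__main__":
    for host, counts in smb_fanout(SAMPLE_FLOWS).items():
        print(host, counts)
```

Counting distinct destinations per source, rather than connections, keeps a busy file server's clients from being flagged while still surfacing a single workstation sweeping a subnet.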
Having become aware of the vulnerability relatively early, we put measures in place to bring in a larger team over the weekend to deal with any issues that may have resulted. We also began a verification process to ensure that all the necessary defences were in place throughout our customer estate, ensuring that all additional measures recommended by Microsoft had been deployed. We also continued actively monitoring computers and networks for any unexpected behaviour, ready to block any suspicious activity before it had a chance to spread.
As a result of our proactive approach to patching, our rigorous IT Security program and the effectiveness of our network, support and monitoring teams, we have found that none of our customers have been affected on this occasion. Had they been, we were ready to respond quickly with system backups to ensure that business operations could have returned to normal quickly without a ransom needing to be paid.
Our teams remain vigilant at this time, ready to respond quickly not only to the WannaCry threat, should it surface on technology platforms that we manage, but also to all other cyber-attacks that are sadly becoming a bigger and bigger part of our everyday lives.