Patch Now: WannaCrypt Ransomware
On Friday, the security team at Syxsense was one of the first to break the news in the US about the WannaCrypt malware attack.
Over the weekend, a UK security blogger found a kill switch for the initial variant of WannaCrypt. The blogger found that each infected device checked for the existence of a long-unregistered URL before encrypting infected device files. The blogger registered the domain to allow him to track the progression of WannaCrypt.
Although the initial wave of attacks has been diminished by activating the kill switch, this is not over. New variants of WannaCrypt are still being released that ignore the kill switch.
WannaCrypt is exploiting weaknesses in the Microsoft Operating Systems that were identified by the NSA. Microsoft patched these weaknesses in March 2017 and tools like Syxsense, Windows Update or other patching solutions should be already protected by deploying MS17-010.
However, many organizations have older non-Microsoft supported operating systems still deployed – Windows Server 2003, Windows XP, Windows XP Embedded and Windows 8. Microsoft took the unusual step over the weekend of releasing a patch for these unsupported operating systems.
We strongly recommend identifying all vulnerable operating systems and deploying this patch immediately.
We strongly recommend using a solution like Syxsense, that supports older operating systems and has agentless ability to scan your entire IT environment for all devices and remediate without the need to have agents deployed.
This attack is not going away – expect new variants shortly.
CEO | Syxsense
Verismic Software, Inc.
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.