IMPORTANT INFORMATION REGARDING THE CURRENT RANSOMWARE OUTBREAK

As you’ll likely have noted from recent media coverage, on Friday 12th May a new type of ransomware (named variously WannaCrypt/WannaCry/WCry) began appearing on computers running Microsoft Windows worldwide – within a matter of hours this infection spread to tens of thousands of devices across nearly 100 countries, causing significant issues for the affected organisations (including the NHS in the UK).

Whilst Friday’s outbreak was subsequently halted through the actions of security professionals, new variants have already begun to appear which cannot be controlled in the same way and that extend the risk of damage to organisational data.

What Is The Risk?

Ransomware is not new – this malicious software (malware) is designed to strongly encrypt your most important files (by targeting particular file types), at high speed, rendering them inaccessible to you. Once the files have been encrypted the application will move on to making demands for an untraceable payment using Bitcoin (an online currency) in return for the promise of a decryptor for your own data.

In this instance the ransomware has been combined with a technique (details) which allows infections to travel from one machine to another – this means that the malware spreads quickly between connected machines, such as on a company network. It is this combination which has made the outbreak so widespread and the impact so visible.

A number of defences are available - Microsoft began protecting against this combination of vulnerabilities using a security patch which became freely available in March 2017 (details). This family of patches provides cover for all currently supported versions of Windows (Windows Vista/Server 2008 or newer), but Microsoft have taken the uncharacteristic step of also providing patches for Windows XP/Server 2003 as a service to their customers.

Further information on the outbreak, as well as suggestions from the UK National Security Cyber Centre are available here:-
• Latest Statement
• Briefing – Protecting Your Organisation From Ransomware

What can you do?

There are 3 courses of action that we strongly recommend – both within an organisation, and for home/consumer users
1) Ensure that Windows Update has installed all recommended patches, or download and install the specific patch which suits your Windows version which closes the vulnerability that the current outbreak takes advantage of (details here, see below)
2) Ensure that your desktop/server antivirus product is up to date, and run a scan
3) Ensure that you have a backup for your data which is not accessible/vulnerable to ransomware, or if you don’t have a backup take steps to make one as soon as possible
4) Remain diligent when opening emails (and particularly attachments) from correspondents that you don’t recognise (fake or ‘phishing’ emails are a regular source of malware, part of a chain of events that can lead to ransomware arriving on your machine)

How can we help?

If you are a customer using our hosted services, please be assured that we are already defending against these vulnerabilities (just as you’d expect).

If you’re a customer who entrusts us with support for your servers and/or workstations, we will in touch with you to discuss your situation as a matter of priority throughout Monday. For many, the necessary steps will already have been taken.

If you are a PAYG customer and/or a customer with machines which you’re managing yourselves, we’d like to provide the following list of links which may be useful to you in finding the correct security patch against the vulnerability being used by the current WannaCrypt outbreak:-

Vulnerability Operating System Download Link
MS17-010
Windows 10 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012606

Windows 10 x64 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012606

Windows 8.x http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012216

Windows 8.x x64 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012216

Windows 7 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012215

Windows 7 x64 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012212

Windows Vista http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012598

Windows Vista x64 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012598

Windows XP http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

Windows XP x64 http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe

Windows Server 2012 R2 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012216

Windows Server 2012 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012217

Windows Server 2008 R2 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012215

Windows Server 2008 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012598

Windows Server 2008 x64 http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012598

Windows Server 2003 http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe

Windows Server 2003 x64 http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe

If you need assistance with any steps recommended above to defend against with this outbreak please get in touch:-
• Email: support@entrustit.co.uk
• Phone: 0330 002 0046