WannaCry Malware Attack
An alert from Microsoft follows to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. Please share this with your IT and Security teams to ensure they are fully aware, prepared and protecting your organization against the attack.
On May 12, 2017, many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Microsoft is working to ensure we are taking all possible actions to protect our customers. Below we have given further details of the threat and steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Unfortunately, the malware appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so. Microsoft antimalware telemetry constantly monitors for such threats, and alerted us to this attack. These systems gave us the visibility and context around the attack, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to protect many up-to-date systems against this malware.
Steps to prevent and protect against this threat
To get the latest protection from Microsoft, upgrade to Windows 10. Keeping your computers up-to-date gives you the benefits of the latest features and proactive mitigations built into the latest versions of Windows.
We recommend customers that have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface:
- Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously (Reboot Required)
- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445
Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update. Enable Windows Defender Antivirus to detect this ransomware. Windows Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats.
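The following PowerShell script is an added example, not part of the Microsoft alert. It audits one host for the two workarounds above and for the Defender definition version that first detects this threat. It assumes Windows 8 / Server 2012 or later, an elevated session, and a host-level Windows Firewall rule standing in for the router or firewall rule; the -Remediate switch and the rule name are hypothetical names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally apply, the WannaCrypt workarounds on one host.
# Assumes Windows 8 / Server 2012 or later, where these cmdlets are available.
param([switch]$Remediate)   # hypothetical switch name for this example

# Definition version from the alert that first detects Ransom:Win32/WannaCrypt
$minSig = [version]'1.243.297.0'

# 1. Is the SMBv1 server protocol still enabled?
$smb1On = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is there an enabled inbound block rule covering TCP port 445?
$block445 = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Block |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' }

# 3. Are the Defender definitions at or above that version?
#    The cmdlet is missing or fails where Defender is not installed or running.
$mp = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }
$sigOk = $mp -and ([version]$mp.AntivirusSignatureVersion -ge $minSig)

# Report the current state as one object so it can be exported or collected.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    SMB1ServerEnabled  = $smb1On
    Inbound445Blocked  = [bool]$block445
    DefenderSignature  = if ($mp) { $mp.AntivirusSignatureVersion } else { 'n/a' }
    DefenderDetectsIt  = [bool]$sigOk
}

if ($Remediate) {
    if ($smb1On) {
        # Workaround 1: turn off the SMBv1 server protocol.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Warning 'SMBv1 disabled; the alert lists a reboot as required.'
    }
    if (-not $block445) {
        # Workaround 2 applied at the host: this also stops legitimate
        # file sharing to this machine, so do not use it on file servers.
        New-NetFirewallRule -DisplayName 'Block inbound SMB 445 (example)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block |
            Out-Null
    }
}
```

Run it without -Remediate first to collect the state of each machine. Neither workaround replaces installing MS17-010.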
Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.
Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities. Download this playbook to see how you can leverage Windows Defender ATP to detect, investigate, and mitigate ransomware in networks: Windows Defender Advanced Threat Protection – Ransomware response playbook.
For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.
For more information on support options please visit our support site: https://support.microsoft.com/en-us/gp/support-options-for-business
In case you have any further questions or require any assistance from our side, please do not hesitate to let me know.