There is a huge ransomware attacking organizations in multiple countries as we wrote this blog. The number of victims keeps growing – and by this latest string of ransomware attacks have grown tremendously over the last few hours. According to NPR, there are reports of Spain’s largest telecom being hit. At least 16 hospitals in England’s National Health Service are impacted. There are also unconfirmed reports that Frankfurt International Airport is also victim.

Ransomware was estimated to be a billion dollar business in 2016 and it will keep growing.

All of the attacks are being blamed on the same malware, called WCry, WannaCry, or Wana Decryptor. Wana Decryptor exploits a Windows flaw that was patched in Microsoft’s Security Bulletin MS17-010, which was disclosed back in March 2017.

Containment and Response:

  1. Immediate disconnect as many computers, servers, backups, USB thumbdrives, external hard drives, laptops, WiFi and any other means of data communications as quickly as possible.
  2. If it isn’t possible, implement firewall rules that blocks all inbound and outbound TCP and UDP traffic on Port 137, 138, 139, 445 and 3389 at all levels.
  3. Begin patching systems as soon as humanly possible. The patches are as followed:
    • Windows Server 2008 (all editions) – KB4012598
    • Windows Server 2008 R2 – KB4012212 (security only) or KB4012215 (monthly rollup)
    • Windows 7 – KB4012212 (security only) or KB4012215 (monthly rollup)
    • Windows 10 (all editions) – KB4012606 or KB4013198 or KB4013429
    • Windows Server 2012: KB4012214 (security only) or KB4012217 (monthly rollup)
    • Windows Server 2012 R2: KB4012213 (security only) or KB4012216 (monthly rollup)

Net Force will be available to respond to all requests for cybersecurity consulting and advisory during any cybersecurity or ransomware attack.