Beginning early on Friday, May 12th, 2017, a ransomware variant using the EternalBlue exploit for Microsoft Windows began spreading rapidly, locking down businesses and users in more than ninety countries. Tens of thousands of instances of the malware have been detected. This new ransomware variant, known as WannaCry, WCry, WannaCrypt, or Wanna Decryptor, targets and exploits a previously known Microsoft SMB vulnerability.
Microsoft released a Critical Security Update in February 2017 (Microsoft Security Bulletin MS17-010) that addresses the vulnerability exploited by the attacks.
As always, we recommend that customers test on staging or offline systems, as best practice, before deploying to production environments.
- Immediately apply the Microsoft patch for the MS17-010 SMB vulnerability.
  - This update has been verified during the March 2017 MS Update Testing activities for supported versions of ClearSCADA and their supported Operating System versions.
- Immediately update your virus definitions (DAT file). McAfee has released an emergency DAT to include coverage for Ransom-WannaCry.
  - We recommend keeping your virus definition files current by updating frequently.
- Ensure you have recent backups. This alone is the most effective way to recover from a ransomware attack.
- Ensure all other cyber-defenses are up to date.