The malware outbreak that is dominating headlines and affecting organisations across the world right now is a variation of common ransomware applications. This malware is referred to as WannaCrypt or WannaCry.
Some of the attacks we are observing use common phishing tactics, including malicious attachments in emails. Once the attachment is opened, the attack spreads via open remote control sessions and legacy file connections (SMBv1).
As always, customers should exercise vigilance when opening documents from untrusted or unknown sources. We would advise all customers to take this opportunity to remind all staff to remain vigilant and never to open attachments where the email is from an unknown source.
Fortunately, a method was included in the malware code to switch off the malware and effectively stop it from spreading across the internet. This 'killswitch' has been invoked and infections are being blackholed. However, this is likely to be the first phase, and this attack type may evolve over time. Making sure you are suitably patched and are blocking any services or applications that aren't required for your business will therefore provide additional protection.
Windows desktop and server machines are at risk. Machines running a Windows OS that is currently under Mainstream Support with Microsoft (Windows 7 and newer, Server 2008 and newer) have a patch, which was made available in March. Where these machines are supported by CORETX, they would be protected as part of the normal patching schedules.
For Windows OS versions that are outside of mainstream support (mostly XP and Server 2003), Microsoft released a patch on Friday 12 May 2017. Where we are aware of customers with vulnerable systems such as these, we will be in contact as soon as possible to discuss a suitable approach.
If you suspect you may have been impacted by this attack or are vulnerable to it, please call our support team on 0344 874 1309 to raise a ticket for assistance or to seek advice. We will be in touch with all CORETX customers next week to discuss actions that can be taken to mitigate risks against further attacks of this nature.