Home >  Blog >  WannaCry ransomware attack

WannaCry ransomware attack

Posted by Michael Trimblett on 18 May 2017

As you may be aware, the tech news headlines over the past week have been dominated by the new strain of ransomware called "WannaCry".  This ransomware leverages a bug in Microsoft Windows computers which encrypts all of your data then requests payment in Bitcoin.  Those of you who have been following this blog over the years would recognise the modus operandi of this ransomware being very similar to that of the original Cryptolocker ransomware.  There is nothing technically different about this ransomware however, the method of infection and the amount of Bitcoin requested differ from the original Cryptolocker ransomware.

Ransomware usually infects a computer when a user opens a phishing email which then infects that computer with WannaCry.  Once installed, WannaCry uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts, that have not been updated with the most recent security updates, to directly infect any exposed systems.  The infected computer then displays a message which demands a ransom for the decryption of your data.  What's different about WannaCry is that it demands only $300US worth of Bitcoin (which doubles after 3 days if not actioned).  This is considerably less than previous ransomware products which can easily demand 4-5 times that amount of Bitcoin.

A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack in May, but the affected organisations had not yet applied it.

For those of you on Loyal I.T.'s Managed Services, the installation of these patches has been performed automatically and as a result, those PC's and servers that are managed, are not vulnerable to this attack.  Loyal I.T.'s recommended antivirus product, Vipre Antivirus, detects and quarantines WannaCry before it can encrypt any data.

As we follow Microsoft's Best Practices, all PC's and servers we setup have Windows Updates configured and activated.  However, if you would like Loyal I.T. to confirm the patches have been applied to your systems, please contact us on 02 4337 0700 or email help@loyalit.com.au to log a ticket.
Michael TrimblettAuthor:Michael Trimblett
About: Michael has been in the information technology industry since 1998 and has a passion for everything technology. He has a technical background as a qualified network engineer, project manager and is qualified as a Certified Ethical Hacker.
Connect via:TwitterLinkedIn
Tags:WindowsNewsNetworking Security

Log a Job
Or an Enquiry

help@loyalit.com.au

Loyal IT
Latest news

5 December 2024
22 Years of Gratitude As December commences , we’re reflecting on an incredible milestone— finishing a m...
Read All Latest News

Our Clients
say

David was a champion on the helpdesk and he did really well on a ticket that we logged recently.

Dan Challinor
Read All Testimonials

Resources Helpful
fact sheets

Download Our Fact Sheets

Sign Up for Newsletter