WannaCry Ransomware in large scale international attacks

Published: Mon 15 May 2017 10:59 AM
13 May 2017
WannaCry Ransomware used in large scale international attacks
[This initial advisory is being updated. Current version is here.] What's happening
Systems affected
Earlier today a massive international ransomware campaign hit computer systems of private companies and public organisations around the world. This incident is being reported as the largest ransomware campaign to date. The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor' or 'WCRY'), because the encrypted files extension is .wcry. Like other ransomware, WannaCry also blocks access to a computer or its files and demands money to unlock it. Early reports were that the ransom demanded was around $430NZD, though this has allegedly doubled over the past few hours.
We’re learning more about this particular attack as it unfolds. At this point, CERT NZ understands that the initial attack vector is likely a phishing email with either a malicious attachment or link. The exploit penetrates into machines running unpatched versions of Windows (XP through 2008 R2) by exploiting flaws in Microsoft Windows SMB Server. Once a single computer in a network is infected with WannaCry, the program looks for other vulnerable computers on the network and infects them as well.
This ransomware exploits a Windows vulnerability known as EternalBlue, which was released by the Shadow Brokers hacking group over a month ago. Microsoft released a patch for the vulnerability in March (MS17-010).
What to do
The information we have shows that this ransomware's initial infection is spread through emails. There is conflicting information about the details and attributes of the initial emails however they are reported to contain either links or attachments. Be careful when opening emails and clicking on links – read our phishing information to know what to look out for. These emails could be from anyone, including an email address you’re familiar with.
Make sure you have backed up your system and files stored securely, off-network.
Make sure you have patched your system. Organisations using any Windows system between XP to 2008 R2 should ensure that mitigations are in place, particularly the MS17-010 Microsoft patch. If you’re not patched, consider disabling SMBv1 (this will stop some file sharing). There is no patch available for XP & 2003, these OS’s need to be either turned off or have SMBv1 disabled.
It is also important to ensure that staff are aware of this campaign, and reminded to be extremely vigilant with incoming emails containing links and attachments.
More information
The details on this release are relatively new and more information is coming to light constantly. For organisations that require further support or more specified advice, please log an incident on our website at Similarly, if you have been compromised with this ransomware, please contact CERT NZ.

Next in New Zealand politics

PREFU Shows Economy Doing Better Than Forecast
By: New Zealand Government
PM Statement On Cabinet COVID-19 Alert Level Review
By: New Zealand Government
Greens Unveil $297m Fund To Support Sustainable Food And Farming
By: Green Party
National Releases Its Plan To Restore NZ’s Prosperity
By: New Zealand National Party
New Zealand First Party List
By: New Zealand First Party
Arriving Travellers In Isolation To Be Able To Vote By Telephone
By: Electoral Commission
National To Invest In Our Children’s Future
By: New Zealand National Party
Numerous Arrests Following Investigation Into Historical Offending At Auckland School
By: New Zealand Police
An Extra 100,000 New Zealanders To Lose Their Jobs Under Labour
By: New Zealand National Party
New Zealand First – ‘Experience Needed Now More Than Ever’
By: New Zealand First Party
CTU Take On Pre-election Economic And Fiscal Update
By: Council of Trade Unions
PREFU Reveals Higher Debt And Unemployment, Lower Growth
By: ACT New Zealand
New Zealand First ‘Agrees To Disagree’ On Alert Level 2 Decision
By: New Zealand First Party
Alert Level 2 Continuation A Slap In The Face To New Zealanders
By: ACT New Zealand
Now Isn’t The Time To Be Making Life Harder For Farmers
By: New Zealand National Party
View as: DESKTOP | MOBILE © Scoop Media