The PhishLabs Blog

Global WannaCry Ransomware Outbreak

Posted by Joseph Opacki on May 12, '17

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well-beyond the initially-infected system and crippling networks. 

Reports indicate that early victims, including the U.K.'s National Health Service, are experiencing major system outages and disruption due to WannaCry. 

To reduce risk posed by WannaCry:

  • Deploy the MS17-010 update issued by Microsoft on March 14. This patches the SMB vulnerabilities being exploited by WannaCry. 
  • Run simulated phishing campaigns to prepare employees for the spear phishing email lures used to deliver ransomware like WannaCry.

It is highly-likely that other ransomware and malware families will take note of WannaCry's success and quickly begin using the same exploits. Organizations that have not deployed MS17-010 and who are not training their employees to recognize and report phishing attacks are at elevated risk.  

 

Topics: Phishing, Ransomware, WannaCrypt

    

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all