Earlier today, news broke of a new WannaCry version propagating at a rate not previously seen for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside a network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits recently published by ShadowBrokers. In doing so, WannaCry spreads well beyond the initially infected system and cripples networks.
Reports indicate that early victims, including the U.K.'s National Health Service, are experiencing major system outages and disruption due to WannaCry.
To reduce the risk posed by WannaCry:
- Deploy the MS17-010 update issued by Microsoft on March 14. This patches the SMB vulnerabilities being exploited by WannaCry.
- Run simulated phishing campaigns to prepare employees for the spear phishing email lures used to deliver ransomware like WannaCry.
It is highly likely that other ransomware and malware families will take note of WannaCry's success and quickly begin using the same exploits. Organizations that have not deployed MS17-010 and that are not training their employees to recognize and report phishing attacks are at elevated risk.
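The internal spread described above, where an infected host scans for other Windows systems over SMB, appears in connection logs as one source reaching many distinct hosts on TCP 445 in a short time. The following detector is an added example, not part of the original advisory; the log format, the 60-second window and the threshold of 20 hosts are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                    # SMB over TCP
WINDOW = timedelta(seconds=60)    # assumed sliding window
THRESHOLD = 20                    # assumed: distinct SMB peers per window

def parse(line):
    # Assumed record format: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct SMB destinations in any window} for
    sources whose peak reaches the threshold."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

def constructed_sample():
    """Constructed flow records (not real traffic) covering four behaviours."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    def rec(offset, src, dst, port):
        return f"{(t0 + offset).isoformat()} {src} {dst} {port}"
    lines = []
    for i in range(40):
        # Sweep: 40 different hosts on 445, one per second
        lines.append(rec(timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 445))
        # Normal client: the same two file servers over and over
        lines.append(rec(timedelta(seconds=5 * i), "10.0.0.50", f"10.0.9.{1 + i % 2}", 445))
        # Many destinations, but not SMB
        lines.append(rec(timedelta(seconds=i), "10.0.0.60", f"10.0.3.{i + 1}", 443))
    for i in range(30):
        # Wide but slow SMB access: one new host every five minutes
        lines.append(rec(timedelta(minutes=5 * i), "10.0.0.77", f"10.0.2.{i + 1}", 445))
    return lines

if __name__ == "__main__":
    for src, n in smb_fanout(constructed_sample()).items():
        print(f"{src}: {n} distinct SMB destinations within {WINDOW}")
```

A host flagged this way is a candidate for isolation and a check of its MS17-010 patch status; tune the window and threshold against normal file-server and management traffic before alerting on it.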