WCry (WannaCry) Ransomware

Joe Velderman

On Friday, May 12, 2017, a new variant of the Ransom.CryptXXX (WannaCry) strain of ransomware began spreading widely, impacting a large number of organizations, particularly in Europe.

WCry is demanding a ransom of $300 to $600 in Bitcoin, to be paid by May 15 or, if that deadline is missed, a higher fee by May 19. The messages left on the screen say that files will otherwise remain encrypted. It is not yet clear whether there are flaws in the encryption scheme that might allow victims to restore their files without paying the ransom.

Microsoft pushed out a security update for the underlying vulnerability in April. Microsoft has also taken the unprecedented step of creating a hotfix for Windows XP and Server 2003. It is very uncommon for Microsoft to do this for operating systems that are past their end of life, which says a lot about how seriously the IT industry is taking this ransomware.

Antivirus applications including Windows Defender, Symantec, and Trend Micro have published updates to include known variants and component detection into their latest definition updates.

The Microsoft fix is MS17-010. We strongly suggest that you update your organization’s workstations as well as any personal computers.
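To check whether a given Windows host actually has the MS17-010 update installed, the following PowerShell script is an added example (not part of this advisory or of any Microsoft tooling). The KB numbers listed are the ones Microsoft published under MS17-010 for older Windows versions; they are not on this page, so confirm them against the bulletin for your exact OS, and note that MS17-010 fixes flaws in the SMBv1 server, which the script also reports on.

```powershell
# Added example: report MS17-010 patch status and SMBv1 server state on a host.
# Run in an elevated PowerShell session on Windows 7 / Server 2008 R2 or later.

# KB numbers released under MS17-010 for common Windows versions. Taken from the
# Microsoft bulletin, not from this page; later cumulative updates (especially on
# Windows 10) also contain the fix, so an empty result is not proof of exposure.
$ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 / Server 2008 R2 (security-only, rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Windows Server 2012
    'KB4012598'                 # Windows XP / Server 2003 / Vista / 2008 hotfix
)

$installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }

if ($installed) {
    Write-Output "MS17-010 update found: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning 'No MS17-010 KB found. Host may be unpatched, or the fix may have arrived in a later cumulative update; verify against the bulletin for this OS.'
}

# Print OS caption and build so the result can be checked against the bulletin.
$os = Get-CimInstance Win32_OperatingSystem
Write-Output "OS: $($os.Caption) build $($os.BuildNumber)"

# MS17-010 addresses the SMBv1 server; report whether SMBv1 is still enabled so it
# can be turned off where nothing depends on it. Get-SmbServerConfiguration exists
# on Windows 8 / Server 2012 and later, so older hosts skip this check.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        Write-Warning 'SMBv1 server protocol is enabled. Where nothing depends on it, disable with: Set-SmbServerConfiguration -EnableSMB1Protocol $false'
    } else {
        Write-Output 'SMBv1 server protocol is disabled.'
    }
}
```

Run it across a fleet with Invoke-Command to collect the output per host before deciding which machines need the update pushed first.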

Users should be extremely suspicious of all e-mails received, particularly those that ask the recipient to open attached documents or click on Web links.

If you have seen any non-standard activity and believe that data may have been compromised, please contact the ProviNET Service Desk by calling 708-468-2001 or by e-mailing helpdesk@provinet.com. If you would like assistance ensuring that your organization’s data and IT systems are secure, please call ProviNET today at 708-468-2000 or by e-mailing info@provinet.com.

2 Comments

  • Mark Benda says:

    A new version will be coming out with a different kill switch. Please note that if you get hit, you can reverse the malware and the decryptor password is hard-coded in the machine-level programming of the malware.

    If IDS/IPS devices are in place, you will want to minimize the use of TOR since this malware unpacks and installs it on the host system.
