30 Nov Wanacrypt0r 2.0
Or, it’s the end of the world as we know it…
As you have no doubt heard, on Friday, the NHS in Britain was effectively shut down because of a new crypto virus. A security researcher accidentally shut it down, but the spread of this virus was so widespread that for the first time in recent memory, Microsoft issued patches for Windows XP and Server 2003 including during the weekend. Even though the virus is stopped, the success of this virus will enable copycats. For a complete breakdown of the risk, I recommend this article.
The virus comes in the form of an email that requires you to enter a password. Once you enter that password, you open the file and it immediately begins copying itself to all the computers on the network and encrypting your files. You have just hosed your network.
We’ve been hard at work on this all weekend.
- We wrote and executed a script that disables the main reason for this exploit an old technology called SMB v1.0. Some scanners and copy machines sadly still use this.
- We’ve installed and continue to install patches as they arrive and are ensuring that antivirus protection is up to date. We’re getting the PC’s that were turned off this weekend and the new patch for servers done.
- Local Backups are good but offsite backups are better. This malware will also encrypt backup files. We’ve been verifying offsite backups as well.
- We’re spreading the word. Don’t open emails that require a password UNLESS you talk to the person on the phone or by text that the message is legitimate.
While the vast majority of our customers have us manage their networks, some do not. We’ll be sending out some tips home users and others can use to make sure they’re safe from this virus attack.