Ransomware WanaCrypt0r – Recommendations

On Friday, May 12, 2017, a cybersecurity incident was reported that affected organizations around the world.

This is an attack on a “0-day” vulnerability in which a massive infection of computers was registered, caused by ransomware called WanaCrypt0r, a variant of WCrypt/WannaCry. This malicious software encrypts the information on the affected system and continues to spread across the internet as the hours pass.

It is suspected that this virus enters organizations’ computers through an email attachment that exploits an operating system vulnerability.

Infection and propagation occur only on computers running a Windows operating system; the vector is a vulnerability in the Windows file and folder sharing (SMB) system.

Given the criticality, it is recommended to apply the security patches urgently, taking into account that the affected systems are:

  • Microsoft Windows Vista SP2
  • Windows Server 2008 SP2 and R2 SP1
  • Windows 7
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2012 and R2
  • Windows 10
  • Windows Server 2016

It is recommended to apply the latest security patches that Microsoft released on 05/10/2017: https://support.microsoft.com/en-us/help/4012215/march-2017-security-monthly-quality-rollup-for-windows-7-and-2008_r2.
For more details on this security patch, please consult: https://www.certsi.es/alerta-temprana/avisos-seguridad/boletines-seguridad-microsoft-mayo-2017.
Note that Windows XP does NOT have a patch reported by Microsoft against this vulnerability.

In addition, the following mitigation measures are recommended:

  • Isolate infected computers from the network.
  • Block communication on ports 137/UDP and 138/UDP as well as 139/TCP and 445/TCP in the organization’s networks.
  • Block port 445 at the edge of the network: this prevents automatic entry of the ransomware from outside the network.
  • Block port 445 in internal network traffic: note that this will interrupt the Windows shared folder system (SMB).
  • Avoid opening files and / or links from unknown sources whether they are received by email or downloaded from untrusted websites.
  • Back up all of your company’s critical information.
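
A host-level version of the port-blocking measures above, as an added example that is not part of the original advisory. It assumes the block is applied in the Windows Firewall of each machine rather than on network equipment; the rule names are hypothetical.

```powershell
# Added example (not from the advisory). Run from an elevated PowerShell prompt.
# Blocks inbound NetBIOS/SMB on this host: 137/UDP, 138/UDP, 139/TCP, 445/TCP.
# netsh is used so the same script works from Vista SP2 / Server 2008 up to
# Windows 10 / Server 2016. Rule names below are hypothetical.
# Effect: this host stops serving shared folders over SMB.

$rules = @(
    @{ Name = 'Block-NetBIOS-UDP-In'; Protocol = 'UDP'; Ports = '137,138' },
    @{ Name = 'Block-SMB-TCP-In';     Protocol = 'TCP'; Ports = '139,445' }
)

foreach ($r in $rules) {
    # "show rule" returns a non-zero exit code when no rule has this name,
    # so re-running the script does not create duplicate rules.
    netsh advfirewall firewall show rule "name=$($r.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Rule $($r.Name) already present"
        continue
    }

    netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=block `
        "protocol=$($r.Protocol)" "localport=$($r.Ports)" profile=any | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Could not create rule $($r.Name) (is the prompt elevated?)"
    }
    Write-Output "Rule $($r.Name) created"
}

# Block rules only take effect while the firewall is on for the active
# profile, so print the state of every profile for the operator to check.
netsh advfirewall show allprofiles state

# Print the rules as stored, to confirm direction, protocol, ports and action.
foreach ($r in $rules) {
    netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

To undo the change on a machine that must serve shares again once it is patched, delete each rule with `netsh advfirewall firewall delete rule "name=<rule name>"`.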