WanaCrypt0r – Will Make You WannaCry

WannaCry is a fast‑spreading ransomware worm that spreads itself by using the ETERNALBLUE SMB vulnerability. This vulnerability was made public in April 2017 by the hacker group ShadowBrokers, who published several leaks containing some of the National Security Agency (NSA)’s hacking tools, including several zero‑day exploits.
This ransomware targets computers running on unpatched or unsupported versions of Windows. Once a PC is infected, it scans for other vulnerable computers on the same network.

Microsoft applied patches in March 2017 to supported operating systems, but older systems such as Windows XP were left exposed. WannaCry uses strong RSA‑2048 encryption, making it nearly impossible to decrypt.

At the time of writing, over 250,000 computers across 150 countries had been affected — including hospitals, telecommunications, courier services and more. Australia had only a few reported cases, but more were expected as the work week began.

The reason so many machines were compromised is simple: many organisations and users had not kept up with security updates. Many PCs were still running unsupported operating systems and were not applying Windows Updates.

A MalwareTech researcher researcher temporarily halted the spread by registering a domain hidden in the malware, creating a “sinkhole” that stopped the ransomware from executing. However, the threat was far from over.

Bad actors will undoubtedly re‑write, re‑work and re‑deploy this ransomware.

What You Need To Do

If you haven’t already, make sure your PCs are up‑to‑date. Don’t assume they are.

• Windows 10 users are generally safe from this specific vulnerability.
• Windows Vista, 7, and 8.1 users who regularly update should already have the patch from March.
• Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016 also received patches.

If you’re unsure or know your system is behind, update immediately. The patch for this vulnerability is MS17-010.

Educate employees on safe computing practices. Knowing what not to click is essential.

Is Up-To-Date Patching Enough?

No – patching only fixes the specific vulnerability.

WannaCry, like all ransomware, can still infect users through:

• malicious links
• email attachments
• drive‑by website visits

You should never rely solely on patches.

At minimum:

• Install a reputable antivirus program
• Use a secondary malware detection tool such as MalwareBytes
• Businesses should use a secure, multi‑function threat management firewall (F5 Solutions recommends WatchGuard)

Businesses often feel that security upgrades are too expensive, but if your business relies on computers, it is essential that they are secure, current and efficient.

Backing up your data regularly is critical. If ransomware gets through, your data remains safe. Ensure backup drives are removed after completion.

A secure off‑site automated backup provides an additional safety net.

Finally, if you or your business are still running Windows XP, there has never been a better time to upgrade.

Need Help?

For help, support or guidance on any of the above, don’t hesitate to contact us.