Wanna Decrypter 2.0 ransomware attack: what you need to know
Updates as of 05/15/2017:
-
Multiple news reports have focused on how this attack was launched using NSA code leaked by a group of hackers known as the Shadow Brokers. That’s certainly what seems to have happened based on SophosLabs’ own investigation. A more detailed report on that is planned for early next week.
-
Sophos will continue to update its Knowledge Base Article (KBA) for customers as events unfold. Several updates were added today, and are summarized below in the “More guidance from Sophos” section.
-
Microsoft took the highly unusual step of making a security update for platforms in custom support (such as Windows XP) available to everyone. The software giant said in a statement: “We know some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.”
-
With the code behind Friday’s attack in the wild, we should expect copycats to cook up their own campaigns in the coming days to capitalize on the money-making opportunity in front of them, said Dave Kennedy, CEO and founder of information security consultancy TrustedSec.
-
The attack could have been worse, if not for an accidental discovery from a researcher using the Twitter handle @MalwareTechBlog, who found a kill switch of sorts hidden in the code. The researcher posted a detailed account of his findings here. In the post, he wrote: “One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.”
***
It was a difficult Friday for many organizations, thanks to the fast-spreading Wanna Decrypter 2.0 ransomware that started its assault against hospitals across the UK before spilling across the globe.
The attack appears to have exploited a Windows vulnerability Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
SophosLabs said the ransomware – also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r – encrypted victims’ files and changed the extensions to .wnry, .wcry, .wncry and .wncrypt.
Sophos is protecting customers from the threat, which it now detects as Troj/Ransom-EMG, Mal/Wanna-A, Troj/Wanna-C, and Troj/Wanna-D. Sophos Customers using Intercept X will see this ransomware blocked by CryptoGuard. It has also published a Knowledge Base Article (KBA) for customers.
NHS confirms attack
National Health Service hospitals (NHS) in the UK suffered the brunt of the attack early on, with its phone lines and IT systems being held hostage. NHS Digital posted a statement on its website:
The UK’s National Cyber Security Centre, the Department of Health and NHS England worked Friday to support the affected hospitals, and additional IT systems were taken offline to keep the ransomware from spreading further.
Victims of the attack received the following message:
Find out today if your current system meets today's minimum security recommendations. Call Managed Solution at (800) 208-3617
[vc_row][vc_column][vc_column_text]
Azure Gov enables digital transformation | US Veterans Affairs
For the U.S. Department of Veterans Affairs, giving veterans access to information that is both clear and easy to understand is crucial, not only to help veterans make informed decisions about their healthcare but also to improve overall patient satisfaction and outcomes. Last month, in support of its initiative to enhance veterans’ access to quality healthcare, the U.S. Department of Veterans Affairs launched Access to Care – an online tool that allows public access and transparency to key data to help veterans, their family members, and caregivers make more informed decisions about healthcare. What you might not have known is that this online tool is powered by Microsoft Azure Government and SQL Server technology.
Built and hosted in multiple Microsoft Azure Government regions, the VA’s Access to Care site features highly-scalable, public-facing websites, giving veterans and their families an online portal that combines and simplifies complex data such as new and established patient wait times, satisfaction scores for access to primary and specialty care, and timeliness of urgent appointments. By using the site, veterans and their families can also quickly compare their VA facility with others and, where possible, provide an easy comparison to private sector facilities.
In addition to running on Azure Government, Access to Care uses Bing Maps to identify and plot the nearest VA facility locations on a map. Users can zoom, pan, and select the pins for each facility for more information. Through this mobile device-enabled interface, the site can answer veterans’ questions, such as:
o How quickly can the VA see me?
o How well does my VA’s care compare to other hospitals?
o How satisfied are veterans with their access to care?
o How is the VA doing with access overall?
According to a VA press release, “This tool is another example of VA leading the way,” said Dr. Poonam Alaigh, Acting Undersecretary for Health. “No one in the private sector publishes data this way. This tool will instill a spirit of competition and encourage our medical facilities to proactively address access and quality issues while empowering Veterans to make choices according to what works best for them and their families.”
Dr. David J. Shulkin, Secretary of Veterans Affairs, reinforced in the press release the importance of this work, saying, “No other health-care system in the country releases this type of information on wait times. This allows Veterans to see how VA is performing.”
“The VA is actively embracing digital government and taking things to a whole new level. Through the power of cloud technology, we are able to take information of great importance to Veterans and our stakeholders, such as the Access to Care website, and make it directly available to our constituents. The Access to Care site is an example of the new types of tools the VA will be pursuing that will foster transparency and empower the Veteran and our constituents to help them understand how the VA as a whole is doing and their local VA as well when it comes to access and quality of care.” – Jack Bates, Director, OI&T Business Intelligence Service Line, Veterans Affairs
A VA blog post also states that the new access and quality web tool is a work in progress and will continue to evolve and improve as stakeholders provide feedback. Leveraging agile development methodology, the VA and Microsoft teams supporting this initiative are planning several development sprints throughout the next few months. Version 2.0 of the site went live on May 1.
Microsoft is proud to be part of the VA’s initiative to enable greater transparency and to enhance the way it supports veterans around the world. This work expands on Microsoft’s commitment to provide the VA with the deepest set of services, capabilities, and compliance standards to help it best achieve its mission. For example, in March, the VA issued a FedRAMP High agency ATO to Microsoft Azure Government—a critical step in the agency’s readiness to use the cloud. By building and hosting Access to Care on Azure Government, the VA is continuing to embrace digital modernization and improve its services for veterans around the world.
To learn more about Access to Care, visit www.accesstocare.va.gov. To see how Access to Care works, please visit a demo in the VA’s blog post.
This work is further proof that worldwide government agencies like the U.S. Department of Veterans Affairs are choosing Microsoft as their partner to deepen their innovation and accelerate their digital transformation journey.
Microsoft offers the most complete, trusted, and secure cloud solution for our nearly 6 million government users across 7,000-plus federal, state and local organizations, empowering them to achieve more through digital transformation.
[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]
Learn more about professional services provided by Managed Solution
Network Assessment & Technology Roadmap
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
To Learn More about Professional Services, contact us at 800-208-3617
[/vc_column_text][/vc_column][/vc_row]
