WannaCry Screen Shot

WannaCry Screen Shot

Mother’s Day weekend 2017 will certainly be remembered as a bad one by lots of people in the IT industry.  Beginning on May 12, 2017, a new piece of Ransomware was released on the world.  Initially impact was thought to be largely in Europe.  But by May 13th it was clear that this was spreading world wide.  Large companies that publicly admitted to having been impacted by this Ransomware included FedEx, Mitchell International (An Auto Industry Software Vendor), Telefonica in Spain, the National Health Service in the UK,  as well as countless companies covering the globe, not to mention all of those that are trying to keep this problem quiet over the Mother’s Day weekend.

The tragedy is that this could have been prevented in a number of ways for most of the organizations that have been impacted.  On March 14, 2017 Microsoft released a Critical Security Bulletin that detailed the vulnerability in all Microsoft operating systems excluding Windows 10, and Windows Server 2016 (which never had the vulnerability to begin with).  Later in March of 2017 Microsoft released a patch that addressed the security vulnerability that was exploited in this attack.

This vulnerability is so bad in fact that Microsoft has released fixes for Windows XP, Windows 8, and Windows Server 2003.  Simply applying these patches as dictated by best IT Management Practices would have prevented this infection, but that is not the end of the story.  Even if you did not or could not update your systems there were ways of preventing the attack.  Use of a Domain Name System Filtering also stopped the execution of this vulnerability using a feature that disallows connectivity to newly created Internet Domain Names.

This Ransomware actually employs a technique we have not seen used in a while, which is one that allows the Ransomware to replicate over a network of un-patched computers, making the damage significantly worse.  It is clear that lots of people have been paying the Ransom as BitCoin (the Ransom Currency) prices have increased over 14% in the past week.

This incident once again underscores the importance of having a competent, security minded IT team working to ensure your business is safe.