[SingCERT] Technical Advisory for System Administrators on "WannaCry Ransomware"
15 May 2017
On 12th May 2017, there was a global wide-spread infection of a ransomware known as "WannaCry", aka. WanaCrypt0r. This ransomware exploits a known critical Microsoft Windows Server Message Block 1.0 (SMB) vulnerability (MS17-010), which allows remote code execution, providing a worm-like capability to propagate through a network by scanning for vulnerable systems and infecting them. It then encrypts files on the system, and extorts a bitcoin ransom in exchange for the decryption of files.
This advisory serves to provide system administrators with technical information to safeguard their networks against this cyber threat.