[SingCERT] Alert on wide-spread "Wannacry" Ransomware targeting unpatched Windows systems

Published on Saturday, 13 May 2017 14:28

Background
On 12th May 2017, SingCERT observed global wide-spread infection of a ransomware known as "WannaCry" aka. WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems, and infecting them. It then encrypts files on the system, and exhorts a ransom payment in bitcoin for the decryption of files.

Affected Systems
The following list of Microsoft Operating systems are known to be vulnerable if they have not been updated with the Microsoft Security bulletin (MS17-010-Critical)
  • Windows 10
  • Windows XP
  • Windows RT 8.1
  • Windows 8.1
  • Windows 7
  • Windows Vista
  • Windows Server 2016
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows Server 2008 and Windows Server 2008 R2

Recommendations
  • SingCERT advises all users and companies with affected systems listed above to ensure that their Windows-based systems are fully patched. In particular, Microsoft Security bulletin (MS17-010-Critical) should be applied.
  • Users should ensure that their anti-virus software is updated with the latest malware definitions.
  • Users should perform file backups and store them offline in case they need to restore their systems following an attack.
References
Massive ransomware attack hits 99 countries http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
SingCERT Advisory on Ransomware dated 6 May 2016 https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
Microsoft Security Bulletin (MS17-010-Critical) dated 14 March 2017 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx