Since Friday, May 12, 2017, a major international ransomware attack affected 10,000 organizations and 200,000 individuals in 150 countries. Named “WannaCry,” the speed, impact and global spread of this attack is unprecedented. The federal departments of Health and Human Services and Homeland Security, along with the US Computer Emergency Response Team, have all issued alerts. This ransomware encrypts most files on the infected computer, and demands a ransom payment for a decryption key. The FBI urges that no users make a ransom payment.
This attack affects all versions of Microsoft Windows that have not been patched with Microsoft’s March 14, 2017 security update. See Microsoft Security Bulletin MS17-010 for details. If you have this update, you are not vulnerable. So, if you have automatic updates enabled, and/or if you patch regularly, you are likely safe. We recommend that you verify that all systems are up-to-date. Microsoft has also taken the unusual step of issuing security updates for its discontinued systems, Windows XP and Windows Server 2003. Review Microsoft’s Customer Guidance for WannaCry Attacks for access to these patches for obsolete systems.
As always, avoid opening an attachment that you receive via email unless you know it is safe, as this is the initial method of infection. Once the malware infects a computer, it spreads both within the local network and throughout the broader internet.
Since the malware’s release on Friday, there have been multiple developments, and new variants of the ransomware have already been created. For additional technical information and updates, we recommend that you consult security vendor Wordfence’s post “New WannaCry Ransomware and How to Protect Yourself”.
Ransomware is a global epidemic affecting all sectors of the economy, worldwide, including government and healthcare. It has been widely reported that Britain’s National Health Service was disrupted by this attack. See our post 2016: Hospitals targeted with Ransomware, patients harmed, losses incurred regarding impacts of previous ransomware attacks. For advice on protecting against ransomware, please see Preventing and Mitigating Ransomware Attacks. If you are regulated by the HIPAA regulations and are affected by this attack or any ransomware, see Ransomware Guidance from OCR to understand your obligation to report this breach under HIPAA.
Please feel free to contact us for more information.