On the morning of the 12th of May 2017, we were alerted to a massive ransomware attack against several Spanish companies that affected vulnerable Windows operating systems. It has subsequently been confirmed that the attack has had worldwide repercussions, affecting many countries.
The objective of this attack is to encrypt all the data files and to demand a ransom for their decryption. More specifically, it asks for $300, to be paid via Bitcoin, for each computer to be decrypted.
From the very early hours of the attack, our team of security experts indicated that the attack, called "WannaCry" or "WannaCrypto", starts with remote code execution using a hacking tool called "EternalBlue". This tool is part of a set that the Shadow Brokers organization on 14th May 2017 declared to have stolen from the USA National Security Agency (NSA). The analysis by the Panda Security lab has revealed that the attack exploits the SMB vulnerability (MS17-010) https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and uses it as the method of spreading itself across the internal network.
We want to emphasize that customers using Panda Security solutions are fully protected against this newly released malware. In any case, at Panda Security we consider the application of the security patch https://technet.microsoft.com/en-us/library/security/ms17-010.aspx as absolutely critical to completely close the door to these kinds of attacks.
Steps to apply the (MS17-010) security patch
- For Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows Server 2016, Server Core installation option versions:
  - Access the Microsoft page containing the (MS17-010) patch:
  - Locate your operating system in the chart and click the download link on the left of the column, as shown in the image below.
  - Once downloaded, run the file to proceed with the installation of the patch.
- For Windows XP/2003 versions: Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Please find below the links for the different versions, as indicated in this TechNet article. Simply click the relevant link, select the language you want, and download and install the corresponding file:
NOTE: To find out the operating system of your computer, right-click on the My PC or This computer icon on the desktop and select Properties.
We want to point out that customers using the latest versions of all Panda Security solutions are protected against this newly released malware.
Panda WannaCry Fix tool
Aware of the massive spread of the attack and with the aim of helping as many affected users as possible, the Panda Security experts have developed a tool for non-Panda customers as well as for Panda customers whose computers do not have the Panda protection installed. Please refer to the article Panda Security vaccine and disinfection tool for #Wannacry.
Webinar - Friday 19th May 2017 at 13:00 (Madrid time)
Luis Corrons, PandaLabs Technical Director, will talk about:
- Anatomy of the attack stages and its replicas.
- Complete WannaCry Technical Report and the free vaccine developed by PandaLabs for businesses who are clients of other companies and were infected by the attack.
- FAQs concerning WannaCry