Customer Guidance for WannaCry Ransomware Vulnerability

WannaCry Ransomware ^attack is a worldwide global cyber-attack targeting Microsoft Windows operating systems. This malware infects the user’s computer when he/she opens a phishing email or malicious attachments that download the "WannaCrypt" software that encrypts the data on the computer and demands ransom payment via bitcoin currency. Once the payment has been made the data is supposed to be decrypted allowing the user to get back full control of the system, but in many cases, the decryption fails, leaving the data unrecoverable.

At present Microsoft Windows, operating systems starting from Windows XP to Windows 10 and Windows Server 2003 to Windows Server 2016 are all affected by this WannaCry vulnerability.

In March 2017, Microsoft released a security update to address the vulnerability that these attacks are exploiting. For systems that have automatic Windows updates enabled, this security update is pushed to those systems and installed, thus protecting the system from this vulnerability. Those organizations that have automatic Windows updates disabled, or performing those updates manually on a scheduled cadence and have not applied this security update should deploy Microsoft Security Bulletin MS17-010 immediately.

If one of updates from the below table is installed on the system, the system is protected. March, April and May monthly rollups also includes all previous updates including March security update.

Table 1: WannaCry Ransomware Vulnerability

References:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.00003c9i8m587fd3svy1je9tf3kuv