This is the biggest news story right now, but in case you haven’t seen or read the news in the last few days: a major ransomware attack has affected many organizations across the world, reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware in question is referred to as ‘WannaCry’.
What does WannaCry do?
The malware has the ability to scan over TCP port 445 (Server Message Block/SMB) and spreads like a worm, compromising multiple hosts and encrypting the files stored on them.
IMPORTANT NOTE: This malware doesn't just scan internal IP ranges to find a gap where it is able to spread; it is also able to spread based on known vulnerabilities it discovers on other externally facing hosts across the internet.
Additionally, samples of ‘WannaCry’ have been found to use both the ETERNALBLUE and DOUBLEPULSAR backdoor modules in their code. This allows the ransomware to find previously compromised systems, either on the initial network or over the internet, to infect and spread the payload. If the exploit it detects fails, the DOUBLEPULSAR module has already deployed the malware onto the device and will leverage this to spread the payload to the newly acquired network.
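The scanning behaviour described above (one host reaching out to many others on TCP port 445, both inside the network and across the internet) can be spotted in firewall or flow logs. The following is an added example, not code from the original post: the log format, the threshold of 5 and the RFC 1918 definition of "internal" are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: "internal" means the RFC 1918 ranges; adjust for your network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (not real traffic).
# Assumed format: timestamp src_ip dst_ip dst_port action
SAMPLE_FLOWS = """\
2017-05-15T10:00:01 10.0.0.15 10.0.0.20 445 ALLOW
2017-05-15T10:00:01 10.0.0.15 10.0.0.21 445 ALLOW
2017-05-15T10:00:02 10.0.0.15 10.0.0.22 445 DENY
2017-05-15T10:00:02 10.0.0.15 10.0.0.23 445 ALLOW
2017-05-15T10:00:03 10.0.0.15 198.51.100.7 445 DENY
2017-05-15T10:00:03 10.0.0.15 203.0.113.9 445 DENY
2017-05-15T10:00:04 10.0.0.15 10.0.0.20 445 ALLOW
2017-05-15T10:00:05 10.0.0.30 10.0.0.5 445 ALLOW
2017-05-15T10:00:06 10.0.0.30 10.0.0.5 443 ALLOW
truncated line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def smb_fanout(flow_text, threshold=5):
    """Flag sources that contacted >= threshold distinct hosts on TCP 445."""
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "445":
            continue  # malformed record or not SMB
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # unparseable address
        targets[str(src)].add(dst)  # a set ignores repeat contacts
    findings = {}
    for src, dsts in targets.items():
        if len(dsts) >= threshold:
            internal = sum(1 for d in dsts if is_internal(d))
            findings[src] = {"internal": internal,
                             "external": len(dsts) - internal}
    return findings

if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS))
```

Denied attempts are counted as well as allowed ones, since a host probing port 445 on many addresses is worth investigating even when the firewall blocks it.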
All customers/organisations should ensure that any device running Windows is fully patched and up to date with the latest updates.
If you need more information, please contact us.