© 2015 by CPM Consulting Ltd

  • James Hickey

Ransomware attack.


Over the last 48 hours, A RANSOMWARE THREAT affecting Windows OS, known as "WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, or WCRY", has infected more than 230,000 Windows devices across the internet.

CPM also understands Telefonica Spain & Train services in Madrid have been affected.

At the time of writing this article, CPM understands the following companies have been affected:

- National Health Service (England)
- NHS Scotland
- Telefónica
- Deutsche Bahn
- Vivo (Telefônica Brasil)
- Lakeridge Health
- PetroChina
- Public Security Bureau
- Sun Yat-sen University
- Renault
- Telenor Hungary (Hungary)
- Andhra Pradesh Police
- University of Milano-Bicocca
- Q-Park
- Portugal Telecom
- Automobile Dacia
- Ministry of Foreign Affairs (Romania)
- MegaFon
- Ministry of Internal Affairs (Russia)
- Russian Railways (Russia)
- LATAM Airlines Group (Chile)
- Banco Bilbao Vizcaya Argentaria
- Sandvik
- Nissan Motor Manufacturing UK
- FedEx
- Massachusetts Institute of Technology
- + more....

CPM Consultancy will NEVER SUGGEST to pay any ransom!

If you have been affected by this, your files are GONE!

We have not found 1 instance of someone actually decrypting their files.

It is known the attackers are demanding money into (at least) 4 BTC wallets.... At the time of writing, the total sum of money in these wallets has been steadily increasing...

2017-05-13 20:00:14 | $26 407.85 USD
2017-05-13 21:23:27 | $26 737.59 USD
2017-05-13 22:00:17 | $27 039.09 USD
2017-05-14 00:00:21 | $27 188.49 USD
2017-05-14 02:00:13 | $27 808.7 USD
2017-05-14 04:00:13 | $29 194.1 USD
2017-05-14 05:17:22 | $29 117.85 USD
2017-05-14 06:00:21 | $29 781.58 USD
2017-05-14 08:00:14 | $30 706.61 USD
2017-05-14 10:00:14 | $31 012.41 USD
2017-05-14 12:00:21 | $32 021.68 USD
2017-05-14 14:00:14 | $33 319.59 USD
2017-05-14 16:00:13 | $33 912.98 USD
2017-05-14 18:00:21 | $34 902.53 USD
2017-05-14 20:00:14 | $35 152.37 USD

International attempts have been made to prevent the spread of a particular variant of WannaCry.

CPM Consultancy is ready to protect your personal and business network from threats like ransomware.

We ANTICIPATE different variants of the virus by next month, and throughout 2017, that will use additional vectors to spread, including the targeting of known vulnerabilities in the Windows Remote Desktop Protocol.

IF YOU ARE RUNNING:

- Windows 7
- Windows 8.1
- Windows 10
- Windows 2007
- Windows 2010
- Windows 2013
- Windows 2016
- Windows VISTA
- Windows XP

and have not patched recently, please fully update your computer.

The specific patch which fixes WannaCry is MS17-010, and can be downloaded below:

Firewalling ports 445, 139, 3389 from ANY external access is important.

Updating the Windows Operating System and patching is essential.

Additional protections can include:

Removing all SMBv1

Windows 8.1 and Windows 10 users can press [Windows key + R], type "powershell" and hit Enter,

or

go to Start > type "power" > right-click on Windows PowerShell > select Run as Administrator,

and in the PowerShell window type:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

and hit enter - this will disable SMBv1 protocol.
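To confirm that the SMBv1 and port advice above has taken effect on a machine, the following read-only audit can be run from an elevated PowerShell window (the "Run as Administrator" route). It is an added example, not part of the original article or a CPM tool, and it assumes the cmdlets built into Windows 8.1 and Windows 10.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the machine.
$ports = 445, 139, 3389   # the ports the article says to firewall

# 1. State of the optional feature the article's command disables.
#    Expected once the change is applied: Disabled (after any pending restart).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# 2. Whether the SMB server component still accepts SMBv1 sessions.
$smbServer = Get-SmbServerConfiguration

# 3. Which of the three ports this machine is listening on.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique |
    Sort-Object

# 4. Enabled inbound "allow" rules in Windows Firewall that name those ports.
#    Only rules listing the port explicitly are matched; rules that use
#    "Any" or a port range are not expanded here.
$allowRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $filter = $rule | Get-NetFirewallPortFilter
    foreach ($port in $ports) {
        if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$port") {
            [pscustomobject]@{
                Port    = $port
                Rule    = $rule.DisplayName
                Profile = $rule.Profile
            }
        }
    }
}

# Report
"SMB1Protocol feature state   : $($feature.State)"
"SMB server accepts SMBv1     : $($smbServer.EnableSMB1Protocol)"
"Listening on ports           : $(if ($listening) { $listening -join ', ' } else { 'none of 445/139/3389' })"
"Inbound allow rules for ports:"
if ($allowRules) { $allowRules | Sort-Object Port | Format-Table -AutoSize }
else { "  none found" }
```

A port listed as listening here is not necessarily reachable from outside; that depends on the network's perimeter firewall, which this script does not inspect.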

Vaccination of Computer from WannaCry threat

The following binary file will vaccinate and prevent the WCRY Ransomware tool from ever being able to run:

https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/Tools/Vaccinator.exe

This file creates infection markers on your machine to fool the virus into automatically thinking you are already infected... This is not required if you are fully patched.

#ransomware #cybercrime
