UPDATED 5/15 9AM
The first wave of this attack seems to have passed – researchers believe they found a “kill switch” in the program – but we’re expecting to see new variants today.
Microsoft has released an update for Windows XP to fix the vulnerability that this attack uses. Even with this fix, XP computers are unsupported and prone to other security flaws. We recommend upgrading to Windows 10 ASAP!
We have confirmed that the currently-known versions of the bogus PDF are caught by both Managed Antivirus (Bitdefender) and our ESET antivirus. That doesn’t mean that new variants will be detected immediately, though.
We continue to advise people to not open e-mailed PDFs – even from people you know – unless you’re specifically expecting the file. We also advise people to make sure Windows Updates are activated, and e-mail protection is in place.
Naturally, our Complete Care clients always have the most up-to-date protection and updates 🙂
UPDATED 5/12 4:55PM
We’re seeing reports that the initial attack is an infected PDF file. Please do not open any PDF files in e-mail unless you know what they are!
We’re watching a big ransomware attack spreading worldwide…
What we don’t know:
How individual systems are getting infected – this usually happens through spam e-mail or visiting infected websites.
What we know:
Systems are being infected by the WannaCrypt or WannaCry ransomware – infected PCs run an encryption program which is unusually robust.
These machines then connect to other systems on the same network using exploits developed by the NSA and revealed recently.
Once the encryption is complete, a warning box comes up saying that your files are encrypted and asking for $300.
The ransom of $300 worth of bitcoins is actually pretty low, but that’s not the point.
What to do
Initial reports suggest that this is spreading from network-to-network using a PDF file with a filename like nm.pdf. This PDF contains a link that opens a Microsoft Word file containing infected code that starts the download of the encryption program. Do not open PDF files unless you’re specifically expecting them!
Until we have a better handle on exactly how the initial infections are happening, it’s best to limit computer activity to the most essential tasks. It’s likely that this infection is coming in through e-mail, compromised websites, or both.
Make sure you’ve got good backups. Making sure you have system and software updates is a major first step; running up-to-date antivirus, e-mail protection, and malware protection is also important.
If you’re using our Charland Tech Complete Care services you’re already covered – we’ve been checking our clients’ systems and security all day watching this come through.
We’ll update this post as more details are available.
More details and updates here: https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/