NTT Security Communication: WannaCry – May 2017
12 May 2017On Friday May 12, 2017, a major ransomware outbreak affected organizations globally. It has affected hundreds of thousands of computers around the world across 150 countries. The ransomware typically demands payments of $300 to $600, which are to be paid using bitcoins . The National Health Service (NHS), international shipper FedEx, telecommunications company Telefonica and others were among the organizations impacted.
The ransomware infection was spread via a massive email spam campaign. Original reports indicate the email subject line was possibly “Transferencia Banca en Línea” while others have reported other possible subject lines. Regardless, the ransomware, dubbed "WannaCry or WCry," locks down infected computers and demands the computer's administrator to pay a “ransom” fee in order to release control of their device. The ransomware is spread by exploiting vulnerability in the Windows OS, MS17-010, which Microsoft released a security patch for in March. Computers and networks that did not install the patch to help protect their systems are at risk. While WannaCry’s initial infection vector is still under investigation, ransomware is typically delivered via phishing emails or exploit kits. To find out more about how to protect yourself from the growing threat of ransomware, you can download the whitepaper here .
What have we done so far?
NTT Security has established a dedicated team to advise clients who are concerned about a potential attack. Our threat intelligence team has been monitoring and analyzing this ransomware and has created targeted plans to mitigate these risks. As a global service provider, we wanted to inform you that our systems and platforms are protected and monitored 24x7 and remain unaffected.
Last week, NTT Security issued the 2017 Global Threat Intelligence Report, which reported key findings and analysis on patching, phishing/malware and incident response. The executive guide and report can be viewed online here .
How we can help
Our recommendations now, and for the future, include:
- Install the Microsoft fix – MS17-010 – immediately
- Critical Security Update for Microsoft Windows SMB Server (4013389) https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Following the installation, reboot the system. The patch that closes the backdoor used by WannaCry to penetrate the system was released by Microsoft on March 14.
- Inform all of your employees, customers, partners and colleagues about ransomware and, in particular, how to detect phishing attacks such as this one.
- Put in place an incident response plan to minimize impact and costs should a breach occur.
- Improve internal knowledge and awareness of security among employees, including specific training on phishing attacks, and highlight the importance and implications of what people do when accessing and using corporate data.
- Secure all critical data by implementing the appropriate controls to protect, detect and respond to potential threats.
- Back up files on your home computer.
- If you have been affected and would like assistance to mitigate future issues, or you have concerns, please do get in touch by clicking here .
About NTT Security
NTT Security is the specialized security company of NTT Group. With embedded security we enable Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has 10 SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.
NTT Security ensures that resources are used effectively by delivering the right mix of consulting and managed services for NTT Group companies – making best use of local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest ICT companies in the world. Visit nttsecurity.com to learn more.