Reports are coming in from Europe that a new form of ransomware called WannaCry/WanaCrypto 2.0 is using the previously patched MS17-010 vulnerability. This vulnerability was part of an 0-day exploit dump that occurred a few weeks ago by a group calling themselves “The Shadow Brokers.” This vulnerability affects SMBv1, SMBv2, SMBv3 in Windows Versions XP, 2003, 7, 2008 and 2008r2. Currently the malware is spreading by acting as a worm (A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.). Because of this type of action, it has already affected companies in the UK and EU like KPMG, Fedex, Vodafone and others. It has also taken down a large number of hospitals belonging to the UK’s National Health Service. UCLA IT Security is advising people to apply the MS17-010 patch ASAP. Be aware that there is no method of decryption publicly available at this time. Any sites offering this service are potential phishing sites for the malware.
Please visit the Microsoft website for more details on the vulnerability: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.
