Pub. 5 2017 Issue 2

WannaCry: Stop What You’re Doing and Patch Your Computers!

By: Jon Waldman, Partner, EVP of IS Consulting - SBS CyberSecurity, LLC

WannaCry (also known as WannaCrypt, WanaCrypt0r, wCry, etc.) is the biggest malware event the Internet has ever seen, hands-down. And it was launched just last Friday! This version of ransomware is the prophetic fulfillment of all those fire-and-brimstone IT folks that have been saying there will be a global malware epidemic. WannaCry is being called a “weapon of mass destruction,” and while that may be a bit extreme, all the “patch or perish” warnings being issued are 100% accurate.

What is WannaCry and how does it work?

The second version of WannaCry ransomware (the initial version first appeared in March of 2017) was released on Friday, May 12th. Before the end-of-business on that day, WannaCry was known to infect over 125,000 computers connected to the Internet. This particularly nasty strain of ransomware exploits a pair of zero-day vulnerabilities (ETERNALBLUE and DOUBLEPULSAR) that were first identified by the NSA and leaked by a hacking group known as “the Shadow Brokers.” The vulnerabilities take advantage of SMB weaknesses (DOUBLEPULSAR) and also utilize worm-like properties (ETERNALBLUE), meaning the ransomware spreads itself automatically to any victim contacts it can find.

WannaCry, as with most ransomware, works by encrypting your files and demanding a ransom payment in exchange for the decryption key to your files. The ransom starts at $300 for the first 6 hours, granting the victim up to 3 days to pay the ransom before it doubles to $600. If you don’t pay within a week, then the ransomware threatens to delete the files altogether. WannaCry even allows a victim to decrypt a few files to show you that you will, indeed, get your files back.

Pictured: Screenshot of WannaCry’s Ransom Message

(Continued on page 18)
