If you've been following security news over this weekend, you may have heard of WannaCry. Here is the latest update from Colin Smith, one of our engineers:
This weekend was especially loud for IT making the mainstream news, as a ransomware variant called "WannaCry" hit a significant number of systems since Friday - notably affecting the National Health System in the UK. We've gotten a number of client calls about this so far, and I wanted to get you an update on where we are on it:
- The vulnerability is corrected by a patch to **supported** Windows systems (KB4012598) released March 14th and approved on all our client systems by April 14th, the day that the vulnerabilities they fixed were publicized. All Focus-covered machines that have been online for their maintenance window should have had this patch for about a month now.
- In response to the widespread attacks on public systems this weekend, Microsoft also released a patch for **unsupported** operating systems Server 2003, Windows XP, and Windows 8. This patch was released on Saturday (May 13th) and is not being pushed through an automatic update. We are developing a procedure to get this on our clients' unsupported operating systems as soon as possible.
Another Endsight engineer, Joel Asaro, weighed in with some notes for clients as well as a step-by-step play of the attack:
You have probably heard about the WannaCry ransomware that started late last week and is reportedly the largest ransomware attack to date. What makes this malware so potent is that it takes advantage of one of the exploits that was released by the "Shadow Brokers" group a few weeks back. In addition to encrypting and ransoming files, it uses this exploit to worm from computer to computer in a network. The good news is that Microsoft released a patch for this vulnerability in all supported operating systems back in March. Endsight has long since approved and pushed this patch for all machines we are authorized to patch and that are online.
It is important to note that initially no patch was released for unsupported systems (i.e. Windows XP, Server 2003, etc.). However, due to the scale of this attack, Microsoft released patches specifically for this vulnerability over the weekend. Endsight has these patches and is preparing to roll them out overnight tonight. Note these patches do require a reboot and that will happen automatically after the patch is applied.
Going forward, this attack continues to highlight the critical importance of patching machines, having good backups and not exposing any unnecessary services to the Internet. While it is helpful of Microsoft to have patched unsupported operating systems, we should not expect that to continue and those systems need to be upgraded/replaced. If you have questions or concerns, please reach out to your account manager or open a ticket with the Response Center.
You need not worry. Know that we are taking care of rolling out the appropriate patches, and we are constantly taking precautions to keep your data and technology as secure as we can. Having said that, there is no guarantee that Microsoft will produce updates for this sort of patching in the future. So you may want to seriously consider retiring old unsupported technology that you may have on hand.
What this means for everyone else -
Microsoft made updates available for old technology. If you are not a client and want to learn more about how to protect your business IT network, let us know. We'll be happy to have a conversation about putting an IT strategy in place for your business. Simply request information.