Guidance for customers regarding May 12th Ransomware attack | BAE Systems | Cyber Security & Intelligence

This website uses cookies. By navigating around this site you consent to cookies being stored on your machine

Newsroom

Guidance for customers: Wanacrypt0r ransomware

Wanacrypt0r Ransomworm
On the 12th of May 2017, a number of organisations across the world were subject to a ransomware attack.
The ransomware locks people out of their network and demands payment to allow them access to their information. BAE Systems is currently working alongside the NCSC (National Cyber Security Centre) in the UK, and other organisations within the security community, to investigate the incidences.
 

What we know

  • The ransomware worm uses one of the “Shadowbroker” exploits identified earlier this year (MS17-010)
  • Microsoft released a patch for this on the 14th March which corrects the vulnerability. However, unpatched machines are exposed to this attack. 
  • The ransomware worm is capable of getting into other parts of the network (lateral propagation) using this vulnerability.
  • The way it gains access to the network has not been confirmed at this stage. It is likely to include (but not be limited to) emails containing malicious payloads. A malicious payload is the software designed to damage or destroy information on a computer.
  • Whilst detection rules and indicators are available to find the ransomware, these alone will not prevent infection.
 

What we recommend to reduce your exposure

 

What to do if you’ve been infected

  • Don’t pay the ransom. There is a strong possibility that the BitCoin address is non-unique which suggests that the propagators would not be able to tell who’s paying them and therefore have no intention of unlocking your data
  • Rebuild your patched machine
  • Restore from back-up
 
 
If you are concerned and would like to speak to one of our experts about your network defence please contact us on: 
E: cyberresponse@baesystems.com 
UK: 0808 168 6647
US: 1800 417-2155
International: +44 (0)1483 817491