Wanacrypt0r Ransomworm
The ransomware locks people out of their network and demands payment to allow them access to their information. BAE Systems is currently working alongside the NCSC (National Cyber Security Centre) in the UK, and other organisations within the security community, to investigate the incidences.

What we know

  • The ransomware worm uses one of the “Shadowbroker” exploits identified earlier this year (MS17-010)
  • Microsoft released a patch for this on the 14th March which corrects the vulnerability. However, unpatched machines are exposed to this attack. 
  • The ransomware worm is capable of getting into other parts of the network (lateral propagation) using this vulnerability.
  • The way it gains access to the network has not been confirmed at this stage. It is likely to include (but not be limited to) emails containing malicious payloads. A malicious payload is the software designed to damage or destroy information on a computer.
  • Whilst detection rules and indicators are available to find the ransomware, these alone will not prevent infection.

What we recommend to reduce your exposure


What to do if you’ve been infected

  • Don’t pay the ransom. There is a strong possibility that the BitCoin address is non-unique which suggests that the propagators would not be able to tell who’s paying them and therefore have no intention of unlocking your data
  • Rebuild your patched machine
  • Restore from back-up
Read our detailed technical blog for more information
If you are concerned and would like to speak to one of our experts about your network defence please contact us on: 
E: cyberresponse@baesystems.com 
UK: 0808 168 6647
US: 1800 417-2155
International: +44 (0)1483 817491
12 Default Profile Image
Cyber Respond


UK: 0808 168 6647 
Intl: +44 (0) 330 158 5263
If you think you have been a victim of a cyber attack contact our 24/7 Cyber Incident Response Team.