Threat Intel: New Versions of WannaCry Ransomware

As you know, on Friday there was a worldwide ransomware attack. Though that attack is currently partially halted, there are additional versions currently released that are live and active. Technical staff should be aware that this family of ransomware works by exploiting the Server Message Block vulnerability. Microsoft released patches on March 14 to address this. Even if you are not technically inclined, If not you believe these patches have not already been applied, it is critical that you install or ask your IT support to install these patches as soon as possible. More information about the patches can be found at the following links:

Current Systems: Microsoft Security Bulletin MS17-010

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

End of Support Microsoft Operating Systems

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

If you believe a system is already infected, please contact Security Operations (security@osu.edu) immediately to discuss incident response options. While patching is critically important, if a user manually opens a malicious payload their system can still be compromised.

End User Resources:

Additional Technical Resources:

US-CERT Alert and general publications:

MS-ISAC updated advisory:

NASCIO Cyber Disruption Response Planning Guide:

US Government Interagency Technical Guidance and Executive OnePager on Ransomware:

News Resources:

Posted in: