WannaCry & The Reality Of Patching: Trend Micro on the latest WannaCry Ransomware attack

Trend Micro says it has detected and monitored WannaCry since it first appeared in the wild in April 2017, and that the ransomware-protection features of its machine-learning-infused XGen security have been protecting users and enterprises from it. The initial variant (RANSOM_WCRY.C) was typically distributed via phishing attacks that led users to download the malware from Dropbox. The WannaCry variant of 12 May 2017 has been engineered to take advantage of the most common security challenges facing large organizations today: according to Trend Micro it starts with a basic phish and then uses a recent SMB vulnerability (CVE-2017-0144, patched in MS17-010) to spread like a worm through networks where the patch has not been applied.

WannaCry targets and encrypts 176 file types, among them database, multimedia and archive files as well as Office documents. Its ransom note, available in 27 languages, initially demands US$300 worth of Bitcoin, an amount that increases after a set time limit; the victim is also told that the encrypted files will be deleted after seven days, a common fear-mongering tactic. To infect systems, WannaCry leverages CVE-2017-0144, a vulnerability in version 1 of the Server Message Block protocol (SMBv1), attacking it with the "EternalBlue" exploit leaked by the Shadow Brokers group. Microsoft's Security Response Center (MSRC) addressed the vulnerability in MS17-010, released in March 2017; hosts with that update installed (or with SMBv1 disabled) are not exposed to this propagation method.
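The worm-style spread over SMB described above leaves a signature that a SOC can catch from plain connection logs, before any exploit-level detection fires: a single host opening connections to dozens of distinct peers on TCP/445 within a minute, most of which are refused because the targets are not listening. The script below is an added example written for this page, not Trend Micro's or the article's code; the log line format (`<ISO timestamp> <src> <dst> <dst_port> <outcome>`), the thresholds, the `find_smb_scanners` function and the sample traffic it is run against are all my own constructions.

```python
"""
Flag hosts that behave like an SMB worm: many distinct destinations on
TCP/445 from one source inside a short sliding window.
Added example for this page; log format and sample data are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445


def build_sample_log():
    """Constructed sample, not real telemetry: one host sweeping the /24 on
    TCP/445 the way an EternalBlue-style worm does, plus benign SMB traffic."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # 10.0.0.5 tries 40 distinct hosts in 20 seconds; most answer RST
    # (port closed or host absent), which is exactly what a sweep looks like.
    for i in range(1, 41):
        ts = base + timedelta(milliseconds=500 * i)
        outcome = "SYN_ACK" if i % 10 == 0 else "RST"
        lines.append(f"{ts.isoformat()} 10.0.0.5 10.0.0.{100 + i} {SMB_PORT} {outcome}")
    # 10.0.0.7 is a workstation talking to a single file server all morning.
    for i in range(30):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.7 10.0.0.10 {SMB_PORT} SYN_ACK")
    # Unrelated HTTPS traffic (TEST-NET-3 address) must be ignored by the rule.
    lines.append(f"{base.isoformat()} 10.0.0.7 203.0.113.10 443 SYN_ACK")
    return lines


def parse_line(line):
    """Parse '<ISO timestamp> <src> <dst> <dst_port> <outcome>'.
    Returns (ts, src, dst, port, outcome) or None for malformed input."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[3])
    except ValueError:
        return None
    return ts, parts[1], parts[2], port, parts[4]


def find_smb_scanners(lines, threshold=20, window=timedelta(seconds=60), port=SMB_PORT):
    """Return {src_ip: peak number of distinct destinations contacted on
    `port` within any `window`} for sources whose peak reaches `threshold`.
    Attempts are counted regardless of outcome: a sweep is mostly refusals."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[3] != port:
            continue
        ts, src, dst, _, _ = rec
        events[src].append((ts, dst))

    hits = {}
    for src, ev in events.items():
        ev.sort()                 # sliding window needs time order
        in_window = Counter()     # dst -> number of attempts inside the window
        left = 0
        peak = 0
        for ts, dst in ev:
            in_window[dst] += 1
            # Drop events that fell out of the window on the left.
            while ts - ev[left][0] > window:
                old_dst = ev[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            hits[src] = peak
    return hits


if __name__ == "__main__":
    for src, peak in find_smb_scanners(build_sample_log()).items():
        print(f"ALERT possible SMB worm: {src} reached {peak} distinct hosts on {SMB_PORT}")
```

The threshold and window are deliberately conservative defaults; a domain controller or a backup server legitimately talks to many hosts on 445, so in production the rule needs an allow-list of such sources, and the alert should be correlated with the patch status of the destinations before anyone pulls network cables.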

Sharda Tickoo, Technical Head at Trend Micro, India, said, "Primarily the regions that have been attacked by the ransomware ‘WannaCry’ include the UK, Europe and the APAC region, which includes India as well. The data is still being gathered. It’s more of a panic situation that has been built up. No specific sectors have been targeted, and neither is there an intent to target any specific sector; it’s across Government, IT/ITES, healthcare etc. We have seen customers calling us just to see if the controls are in place. There have been some cases reported, but the number is not significant. Our support lines are jammed, and the team has been working overtime through the weekend. There have been customers who have acknowledged being hit by significant ransomware attacks, and our products at the