WCry/WanaCry Analysis – Reading For Monday, May 15, 2017.

The chief of Europol warns that the WCry/WanaCry crisis will grow on Monday, May 15, 2017. That exhausted Europol’s reservoir of useful comments for this “crisis.”

“Crisis” in quotes because only unpatched but supported Windows systems and no longer supported Windows systems are vulnerable to WCry/WanaCry.

Exception for non-supported systems: Microsoft issued a patch for Windows XP, unfortunately, to protect against WCry/WanaCry.

Translation: If you are running Windows XP without the WCry/WanaCry patch, you can still be a victim.

For the more technically minded, Amanda Rousseau writes in: WCry/WanaCry Ransomware Technical Analysis:

As we discussed when this outbreak began, the WCry or WanaCrypt0r ransomware spread quickly across Europe and Asia, impacting almost 100 countries and disrupting or closing 45 hospitals in the UK. As the ransomware continued to propagate, I got my hands on a sample and quickly began analyzing the malware. This post will walk through my findings and provide a technical overview of the strain of WCry ransomware which caused the massive impact on Friday. Many have done great work analyzing this malware in action and helping contain its spread, and I hope my comprehensive static analysis will provide a good overall picture of this particular ransomware variant on top of that.

I assume you are:

  1. Not running Windows
  2. Running supported and patched Windows
  3. Running patched Windows XP (please don’t tell anyone)

If any of those are true, then Rousseau’s post makes great reading material for Monday, May 15, 2017.

If you are exposed, you should take steps to end your exposure now. Rousseau’s post can wait until you are safe.
