Recommendation and information WannaCry / WannaCrypt0r2.0
As you are probably already aware of the massive worldwide cyber attack we hereby start with some initial information and recommendations. This page will be updated regularly to post new information. The SecureLink Cyber Defence Center is on high alert and monitoring this very closely. It is a ransomware attack which seem to spread very fast, also internally within a network via tcp port 445.
The malware is called WannaCry/WanaCrypt0r 2.0 which is also spread further via the SMB protocol. Microsoft has released a patch for this (MS17-010). For now we assume that this only affects Windows systems.
A first advice is to check whether the MS17-010 patch is installed, if not you should do this immediately. If you have internal segmentation within your network you should temporarily block tcp port 445.
If you are already a victim then the advice is to:
- Isolate the infected devices from the network
- Restore backups and make sure that you installed the Microsoft patch before you connect the system again to the network
External information can be found here: