It seems impossible that just a few weeks after the WannaCry Ransomware debacle in May there could be another serious compromise leveraging the same exploit.
That's right. Researchers say last Tuesday's attacks used EternalBlue, an exploit for a flaw in Windows SMBv1 file sharing, to spread through corporate networks. WannaCry leveraged the same exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued the patch for the underlying vulnerability (MS17-010) back in March.
Microsoft said it found that the ransomware is using multiple techniques to spread, including one that was addressed by the security patch released in March. It is continuing to investigate.
Here's what I want to know
We have known vulnerabilities and exposure points within our infrastructures, and yet organizations continue to fail to do the obvious. Why? Why would we not prevent the known bad?
This is the easy part of cybersecurity. No analysis. No zero day. No discerning how they will get in. No fancy tools or security products required. Just patch your systems for the known vulnerabilities, and where a vulnerable service like SMBv1 is not needed, turn it off.
Here at UTG we are adamant about patching, testing and training. We believe we can mitigate 95-98% of your risk with this approach.
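As a concrete version of "patch the known bad", here is an added example (not code from the UTG post or from any of the vendors quoted) that checks one Windows host for the two things that mattered in both outbreaks: whether an MS17-010 update is installed, and whether the SMBv1 server that EternalBlue targets is still enabled. The KB list is an assumption taken from Microsoft's MS17-010 bulletin for the OS builds named in the comments; verify it against the bulletin before relying on it, because later cumulative updates on Windows 10 and Server 2016 supersede the March KB and may hide it from the hotfix list.

```powershell
<#
  Added example, not code from the UTG post. Checks a single Windows host for:
    1. an installed MS17-010 update (the fix for the SMBv1 flaw EternalBlue exploits)
    2. whether the SMBv1 server is still enabled
  Run in an elevated PowerShell session. Pass -DisableSmb1 to turn SMBv1 off.

  Assumption: the KB list below is taken from Microsoft's MS17-010 bulletin for the
  OS builds in the comments. Verify it against the bulletin; on Windows 10 / Server 2016
  a later cumulative update supersedes (and may hide) the March KB, so an empty match
  there is a prompt to check Windows Update history, not proof of exposure.
#>
param([switch]$DisableSmb1)

$ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Server 2012
    'KB4012606',                # Windows 10 1507
    'KB4013198',                # Windows 10 1511
    'KB4013429'                 # Windows 10 1607 / Server 2016
)

# 1. Patch state: compare installed hotfixes against the MS17-010 list.
$found = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($found) {
    Write-Output ("MS17-010 present: " + ($found.HotFixID -join ', '))
} else {
    Write-Warning "No MS17-010 KB from the list is installed. Unless a later cumulative update covers it, this host is exposed to EternalBlue."
}

# 2. SMBv1 state. Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
#    older hosts expose the same setting through the LanmanServer registry key.
$legacy  = -not (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

if ($legacy) {
    $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1Enabled = ($null -eq $value) -or ($value -ne 0)   # absent value means SMBv1 is on
} else {
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
}

if (-not $smb1Enabled) {
    Write-Output "SMBv1 server: disabled"
} elseif ($DisableSmb1) {
    if ($legacy) {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        Write-Output "SMBv1 server: disabled via registry (reboot required)"
    } else {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 server: disabled"
    }
} else {
    Write-Warning "SMBv1 server is enabled. Re-run with -DisableSmb1 to turn it off once you have confirmed nothing on the network still depends on SMBv1."
}
```

Save it as a script and run it once per host (or push it through your management tooling). Disabling SMBv1 is the belt to go with the patch's braces: a host that is patched but still speaks SMBv1 is safe from EternalBlue, but a host with SMBv1 off is safe from it whether or not the patch landed, which is the kind of margin you want when patch deployment lags.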
More info on the attack
Affected companies include:
- British advertising agency WPP (WPPGY)
- Russian oil and gas giant Rosneft
- Russia's Chernobyl nuclear power plant
- Global shipping company FedEx
- Danish shipping firm Maersk
- U.S.-based pharmaceutical company Merck (MRK)
- Global snack company Mondelez (MDLZ, owns Oreos, Cadbury and many more)
The Moscow-based cybersecurity firm Group IB estimated last Tuesday that the malware had affected about 80 companies in Russia and Ukraine, and confirmed that the ransomware infects and locks a computer and then demands a $300 ransom paid in Bitcoin.
According to Cisco Talos, the ransomware initially infected MeDoc, a piece of Ukrainian accounting software. MeDoc then sent an infected file to customers. It spread to other computers on companies' networks by leveraging software holes (patchable ones, mind you), among other techniques. This ransomware was much more advanced than WannaCry, according to Craig Williams, senior tech lead and security outreach manager at Cisco Talos.
Although Ukrainian officials confirmed a possible link to MeDoc, the company denied its software spread the infection, saying in a Facebook post that an update sent out last week was free of viruses.