Security firms have spent the weekend analysing the WannaCry/WanaDecryptor ransomware code, producing a series of best-practice advice to help individuals and organisations to avoid infection.
Many experts believe that the malware attacks systems by exploiting a known flaw in Microsoft Windows SMB Server, MS17-010, thought to have been used by the NSA in the past.
Security firm Bitdefender suggests that WannaCry is one of the biggest threats that both end users and companies have had to face recently.
A spokeperson from Bitdefender explained that the ransomware can move itself around networks, once it has found a way in.
"Because the list of vulnerable Windows PCs can be found through a simple internet scan and the code can be executed remotely, no interaction from the user is needed. Once the PC is infected, it acts like a worm, it replicates itself in order to spread to other computers.
The firm analysed the malicious software, and found that the wormable component is based on the EternalBlue exploit that had been leaked out in a data dump allegedly coming from the NSA.
"This strain of malware is one of the few that combine the aggressive spreading mechanism of a cyber-weapon, with the irreversible destructive potential of ransomware. Up until now, more than 120,000 computers worldwide have been infected.
"The CVE07-010 vulnerability affects almost all versions of the Windows operating system, including those who are not actively supported anymore, such as Windows XP, Windows Vista and Windows Server 2003.
Because of the extremely high impact, Microsoft has decided to issue patches for ALL operating systems, including the unsupported ones. If your operating system does not have the specific hotfix installed, then you are vulnerable and need to update immediately," continued the spokesperson.
The firm concluded with the following advice:
- Disable the 'Server Message Block' service on the computer if patching is impossible
- Install the patch
- Back up your data on offline hard drives. The ransomware malware will encrypt files on external drives such as a USB thumb drive, as well as any network or cloud file stores
- Patch and Update your software and make sure you have all Windows updates on your machine.
- Use a reputable security suite https://www.av-comparatives.org/wp-content/uploads/2017/04/avc_factsheet2017_03.pdf
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch