Following on the heels of the Google Malware (Google Docs — read more here from the article from last week), a exploit in Windows has been utilized to shutdown and lock files and systems in about 100 countries globally.
The exploit utilized has been corrected by Microsoft for almost 3 months with an update in March, but it is often the worst time and frustrations of always running updates that lead many people to wait on running updates.
The challenge of this attack was that it did not require an email or a website, it just looked for systems that had not been patched with the updates that Microsoft sent out — if a machine was seen online, it could be infected.
The infection then encrypted computers (in many cases, computers in Europe) that were in hospitals and other public systems. Once encrypted, the system would then ask for ransom totaling about $300.
If a computer system was completely unusable and personal files, photos, movies and others were on a “locked” machine, many many just pay the month. Alternatives would be to attempt and restore files from backups though many do not have a complete backup system that could provide for this kind of full-system restore…
Daily the world becomes more connected. Companies strive to stay a step or two ahead, but it is a constant cat and mouse game.
Here are some insightful articles about this specific attack. The NYTimes and MalwareBytes are good starting points and an interesting article from Wired explains how a tech was able to review and slow the code and allow more organizations to patch and protect their systems.
As always, questions about files, systems or emails received that do not seem “normal” should be shared with technology groups to examine and approve before something causes further issues in and around broader environments.
UPDATES [Monday AM]:
There is a growing concern about the impact this could have as the US operations start and systems come online. At Friends, we have been working all weekend to assure systems are patched, software and network services are updated to monitor for any signs of infection and variants which could trick systems and services into sneaking through.
We will update if there are areas of concern we would like to make the community aware of.