From ANDORSOFT and with the support of our technological partner ZEED SECURITY we want to express our solidarity with the thousands of companies in more than 150 countries that have been infected by the WannaCry ransomware virus in recent days. We trust that the problem will be resolved quickly.
Below we detail the origin and process that this cyberattack has used for its rapid spread.
The origin of the attack was associated with an MS Office vulnerability, a vulnerability published on 3/14 and its corrective measures.
Other exploits linked to perimeter defensive systems (Firewall, Antivirus, Certified Email...) would also have been executed due to lack of maintenance on them and have "opened the doors" to the exposure of the devices.
Once devices are infected, ransomware can spread freely across the network due to the lack of good IT health practices by leaving SMB protocols open and unencrypted.
* Server Message Block (SMB) is a network protocol that allows sharing files, printers, etc., between nodes of a computer network that use the Microsoft Windows operating system and, using a remote command execution vulnerability, is distributed to the rest of the Windows machines on the same network.
In summary, three simple recommendations; present in all EAIS – Zeedsecurity audits, which, if implemented correctly after detection, would have acted preventively, contributing to preventing infection of the device.
EAIS/EAES 24/7 is an excellent tool for daily monitoring of security and management of corrective measures to be implemented.