Website Design | Web Design | Custom Website Design | Website Application Development | Web Development | Software Development

 

Overview

We are aware of a widespread ransomware attack which is affecting several IT organizations in multiple countries. A new ransomware attack called Wanna (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r and Wana DeCrypt0r) is encrypting files and changing the extensions to: .wnry, .wcry, .wncry and .wncrypt.  The malware then presents a window to the user with a ransom demand.  

The ransomware spreads rapidly, like a worm, by exploiting a Windows vulnerability in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.

Analysis seems to confirm that the attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers. It uses a variant of the ShadowBrokers APT EternalBlue Exploit (CC-1353). It uses strong encryption on files such as documents, images, and videos. 

Sophos Customers using Intercept X and Sophos EXP products will also see this ransomware blocked by CryptoGuard. Please note that while Intercept X and EXP will block the underlying behavior and restore deleted or encrypted files in all cases we have seen, the offending ransomware splashscreen and note may still appear.


Back to Home

What is Wanna Ransomware?

A new ransomware attack called 'Wanna' (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r, or Wanna Decrypt0r) is encrypting files and changing the extensions to: .wnry, .wcry, .wncry and .wncrypt.

For the latest information about how to stay protected, refer to the Sophos Knowledge Base article.

For additional information on this attack see the Sophos News blog

shield

How Do I Stay Protected?

1. Update all Windows environments as described in Microsoft Security Bulletin MS17-010.

2. Whitelist any kill switch domains related to this attack. 

3. Update your endpoint software to ensure you have the latest protections for this threat. 

4. Ensure you are running advanced ransomware protection such as Intercept X or Sophos Exploit Prevention (EXP).

5. Home users, consider signing up for the Sophos Home Premium beta, which adds advanced protection from ransomware.