Over recent weeks, the Australian Cyber Security Centre (ACSC) has become aware of media devices within a small number of organisations in the health sector being infected with WannaCry ransomware.
This ransomware variant was first detected in May 2017, spreading across 150 countries in just two days and affecting over 200,000 organisations, causing significant disruption to critical services including the health sector in the United Kingdom.
The ransomware leverages publicly known vulnerabilities in Microsoft Windows, with appropriate patches available from Microsoft since March 2017 (Microsoft Security Bulletin MS17-010). Additionally, Microsoft released patches for older, unsupported Microsoft operating systems on 13 May 2017. If you are running older systems, these patches should be applied immediately.
The ACSC strongly advises organisations to ensure their devices are up to date with the latest patches so they are not vulnerable to these types of threats.
Recommendations
The ACSC recommends that partners undertake the following actions:
- Apply MS17-010 patches as soon as possible to prevent infection by this ransomware.
- If unable to patch, consider disabling SMBv1.
- Review and consider applying ASD Essential Eight mitigation strategies.
- Review logs for unusual SMB traffic.
- Ensure that important data is backed up to an offline location.
Additionally, Microsoft has released advice and a special hotfix for Windows XP, Server 2003, and Windows 8 RTM.
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
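As an added example for the "Review logs for unusual SMB traffic" recommendation (not ACSC or Microsoft code): WannaCry propagates over SMB on TCP port 445, so a source that contacts many distinct SMB destinations in a short window, or SMB that crosses the network boundary, is worth reviewing. The CSV column names, the RFC 1918 "internal" ranges, the window and the threshold are assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions: CSV export with columns ts,src,dst,dst_port; RFC 1918 ranges
# are "internal"; window and threshold are starting points to tune.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)

def review_smb(log_text, window=timedelta(minutes=5), threshold=20):
    """Return (fanout, boundary). fanout maps a source IP to its peak count of
    distinct TCP/445 destinations in any one window (sources >= threshold only);
    boundary lists (src, dst) pairs where SMB crosses the internal boundary."""
    by_src, boundary = defaultdict(list), set()
    for row in csv.DictReader(io.StringIO(log_text)):
        if int(row["dst_port"]) != 445:            # SMB over TCP only
            continue
        src, dst = row["src"], row["dst"]
        by_src[src].append((datetime.fromisoformat(row["ts"]), dst))
        if is_internal(src) != is_internal(dst):
            boundary.add((src, dst))
    fanout = {}
    for src, events in by_src.items():
        events.sort()
        peak = start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            fanout[src] = peak
    return fanout, sorted(boundary)

def constructed_sample():
    """Constructed sample log for illustration (not real data)."""
    t0 = datetime(2017, 6, 1, 9, 0, 0)
    rows = ["ts,src,dst,dst_port"]
    # One host sweeping a subnet on TCP/445 within a minute
    rows += [f"{(t0 + timedelta(seconds=2 * i)).isoformat()},10.1.1.50,10.1.2.{i + 1},445" for i in range(30)]
    # A workstation reusing a single file server over about two hours
    rows += [f"{(t0 + timedelta(minutes=10 * i)).isoformat()},10.1.1.20,10.1.0.5,445" for i in range(12)]
    # Web traffic (ignored) and one inbound SMB connection from outside
    rows.append(f"{t0.isoformat()},10.1.1.20,198.51.100.10,443")
    rows.append(f"{t0.isoformat()},203.0.113.7,10.1.1.9,445")
    return "\n".join(rows)
```

Calling `review_smb(constructed_sample())` flags the sweeping host and the inbound connection while leaving the ordinary file-server client alone; file servers and domain controllers that legitimately serve many clients appear as destinations, not sources, so they do not trip the fan-out check.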