Home >  Blog >  WannaCry ransomware attack

WannaCry ransomware attack

Posted by Michael Trimblett on 18 May 2017

As you may be aware, the tech news headlines over the past week have been dominated by the new strain of ransomware called "WannaCry".  This ransomware leverages a bug in Microsoft Windows computers which encrypts all of your data then requests payment in Bitcoin.  Those of you who have been following this blog over the years would recognise the modus operandi of this ransomware being very similar to that of the original Cryptolocker ransomware.  There is nothing technically different about this ransomware however, the method of infection and the amount of Bitcoin requested differ from the original Cryptolocker ransomware.

Ransomware usually infects a computer when a user opens a phishing email which then infects that computer with WannaCry.  Once installed, WannaCry uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts, that have not been updated with the most recent security updates, to directly infect any exposed systems.  The infected computer then displays a message which demands a ransom for the decryption of your data.  What's different about WannaCry is that it demands only $300US worth of Bitcoin (which doubles after 3 days if not actioned).  This is considerably less than previous ransomware products which can easily demand 4-5 times that amount of Bitcoin.

A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack in May, but the affected organisations had not yet applied it.

For those of you on Loyal I.T.'s Managed Services, the installation of these patches has been performed automatically and as a result, those PC's and servers that are managed, are not vulnerable to this attack.  Loyal I.T.'s recommended antivirus product, Vipre Antivirus, detects and quarantines WannaCry before it can encrypt any data.

As we follow Microsoft's Best Practices, all PC's and servers we setup have Windows Updates configured and activated.  However, if you would like Loyal I.T. to confirm the patches have been applied to your systems, please contact us on 02 4337 0700 or email help@loyalit.com.au to log a ticket.
Michael TrimblettAuthor: Michael Trimblett
About: Michael has been in the information technology industry since 1998 and has a passion for everything technology. He has a technical background as a qualified network engineer and project manager and is committed to doing business in the I.T. industry ethically as prescribed by the Australian Computer Society's Code of Professional Conduct.
Connect via: Twitter LinkedIn
Tags: News Windows Networking Security

Latest News

'Bulletproof' solution to remote access security.

Dec 08 2020
One of the Essential Eight in Business Cyber Security Multi-Factor Authentication (MFA) is ty...

Email contact


for enquiries or log a job.

It was the best #@!*# thing we ever did, changing over to you guys.

Larry Clayton
Read All
Bookmark SiteTell a FriendPrint