Why should you be concerned?
The exploit can penetrate into machines that are currently running unpatched version of Windows through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. The ransomware attacks have the capacity to spread over the network by scanning for vulnerable systems, and in turn, infecting them.
How can you pre-empt it?
Microsoft has stated that it “released a security update which addresses the vulnerability that these attacks are exploiting” in March. Also, it had advised users to update their systems to deploy the patch for the vulnerability (MS17-010). If you haven’t done this yet, update your systems now.
Also, be suspicious of uninvited documents that you receive through email. Unless the source is not verified, do not click on the links inside these documents.
Whenever there is a possibility of getting hit by ransomware infection, do ensure that you create a backup of your important files and documents. This, later, will help you restore them when needed.
Also, make sure that you run an active anti-virus security suite of tools on your system, and browse the Internet safely.
What to do if you are affected?
- Remove the Network connection from your Computer. This could be done by removing your network cable or shutting down the wireless function on your computer. This will help you to prevent this ransomware from spreading.
- Start rebuilding your affected computer, be it laptop or workstation.
- Once you have rebuilt the infected workstation before patching it with the recommended patch, restore your system from the backup you have made.
If you have further queries or require any kind of assistance, reach out to SingCERT.