Comsec Consulting's Threat Response Teams have issued a release regarding a widespread ransomware attack affecting organizations in more than 70 countries worldwide. Notable targets include the UK's National Health Service (NHS), Spanish banks, Deutsche Bahn, Renault, and many others.
Key points:
The ransomware targets Microsoft Windows systems, encrypting files and blocking access.
The malware spreads through phishing emails and exploits a Microsoft vulnerability described in bulletin MS17-010 using EternalBlue/DoublePulsar, compromising unpatched systems on the same network.
Infection of one computer can compromise the entire network.
Recommended prevention and mitigation measures include patching systems, isolating or shutting down unsupported/unpatched systems, disabling SMBv1 and SMBv2, isolating specific network ports, updating antivirus and antimalware products, and ensuring critical data is regularly backed up.
Employee awareness and reporting of suspicious emails and activities are crucial.
Comsec Consulting is actively monitoring the situation and offers assistance for any related findings or questions.
Organizations are urged to take immediate action to protect their systems and data.
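
The key points note that one infected computer can reach every unpatched system on the same network over SMB. As an added example (not part of Comsec's release), the Python below flags internal hosts that open SMB connections to many distinct internal peers within a short window, which is the traffic pattern that kind of spread produces. The flow-log format, the 10.0.0.0/8 internal range, the 60-second window and the threshold of 5 peers are assumptions; TCP 445 is the standard SMB port.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445                        # SMB over TCP, the service MS17-010 patches
INTERNAL = ip_network("10.0.0.0/8")   # assumption: internal address space
WINDOW = timedelta(seconds=60)        # assumption: sliding window length
THRESHOLD = 5                         # assumption: distinct peers before alerting

# Constructed sample flow log, one record per line: "timestamp src dst dport"
SAMPLE_FLOWS = [
    # workstation talking to two file servers: normal
    "2017-05-12T10:00:01 10.1.1.20 10.1.1.5 445",
    "2017-05-12T10:00:09 10.1.1.20 10.1.1.5 445",
    "2017-05-12T10:00:30 10.1.1.20 10.1.1.6 445",
    # non-SMB traffic from the sweeping host: ignored
    "2017-05-12T10:01:02 10.1.1.77 10.1.2.9 80",
]
# one host touching seven peers on 445 in seven seconds: sweep
SAMPLE_FLOWS += [f"2017-05-12T10:01:{i:02d} 10.1.1.77 10.1.2.{i} 445" for i in range(1, 8)]
# five peers, but two minutes apart: below threshold in any 60 s window
SAMPLE_FLOWS += [f"2017-05-12T10:{10 + 2 * i:02d}:00 10.1.1.30 10.1.3.{i} 445" for i in range(1, 6)]

def parse(line):
    """Split one constructed flow record into typed fields."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(dport)

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct internal SMB peers in one window} for sources at or over threshold."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(map(parse, lines)):
        # Only internal-to-internal SMB matters for lateral spread.
        if dport != SMB_PORT or src not in INTERNAL or dst not in INTERNAL:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # expire records older than the window
            q.popleft()
        peers = len({d for _, d in q})    # repeated contacts to one peer count once
        if peers >= threshold:
            alerts[str(src)] = max(alerts.get(str(src), 0), peers)
    return alerts

if __name__ == "__main__":
    for host, peers in smb_fanout(SAMPLE_FLOWS).items():
        print(f"possible SMB sweep: {host} reached {peers} internal peers within {WINDOW}")
```

Counting distinct peers rather than connections keeps a busy client of one file server from alerting; hosts that legitimately contact many machines over SMB (backup servers, management tools) need an allowlist or a higher threshold.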