Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. And if you are using Windows 10, then this you are not targeted by this attack.
This emergency security update from Microsoft named as MS17-010 which protects you from WannaCry Ransomware, a NSA leaked tool which recently compromised 100k+ systems worldwide and demands a ransom amount of $300 via BITCOIN. The current rate of 1 Bitcoin is 1740 USD.
Malwaretech also released one interactive Live Map through which you can easily see all infection locations globally by clicking below link –
https://intel.malwaretech.com/WannaCrypt.html
These are the 3 Bitcoin addresses so far which we collected from recent cyber attack
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
If you are a security researcher and you wanna report some vulnerability to Microsoft Team then you should visit this link.
Program Name | Start Date | Ending Date | Eligible Entries | Bounty range |
Microsoft Office Insider Bug Bounty Program Terms | March 15, 2017 | June 15, 2017 | Vulnerability reports on Microsoft Office Insider on Windows Desktop (see link for program details) | Up to $15,000 USD |
Microsoft .NET Core and ASP.NET Core Bug Bounty Program Terms | September 1, 2016 | Ongoing | Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) | Up to $15,000 USD |
Microsoft Edge RCE on Windows Insider Preview Bug Bounty | August 4, 2016 | May 15, 2017 | Critical RCE in Microsoft Edge in the Windows Insider Preview. TIME LIMITED. | Up to $15,000 USD |
Online Services Bug Bounty (O365) | September 23, 2014 | Ongoing | Vulnerability reports on applicable O365 services (see link for program details). | Up to $15,000 USD |
Online Services Bug Bounty (Azure) | April 22, 2015 | Ongoing | Vulnerability reports on eligible Azure services (see link for program details). | Up to $15,000 USD |
Mitigation Bypass Bounty | June 26, 2013 | Ongoing | Novel exploitation techniques against protections built into the latest version of the Windows operating system. | Up to $100,000 USD |
Bounty for Defense | June 26, 2013 | Ongoing | Defensive ideas that accompany a qualifying Mitigation Bypass submission | Up to $100,000 (in addition to any applicable Mitigation Bypass Bounty). |
Here are some informative tweets related to this malware and cyber attack –
- Sample released by ens: https://twitter.com/the_ens/status/863055007842750465
- Onion C&Cs extracted: https://twitter.com/the_ens/status/863069021398339584
- EternalBlue confirmed: https://twitter.com/kafeine/status/863049739583016960
- Shell commands: https://twitter.com/laurilove/status/863065599919915010
- Maps/stats: https://twitter.com/laurilove/status/863066699888824322
- Core DLL: https://twitter.com/laurilove/status/863072240123949059
- Hybrid-analysis: https://twitter.com/PayloadSecurity/status/863024514933956608
- Impact assessment: https://twitter.com/CTIN_Global/status/863095852113571840
- Uses DoublePulsar: https://twitter.com/laurilove/status/863107992425779202
- Your machine is attacking others: https://twitter.com/hackerfantastic/status/863105127196106757
- Tor hidden service C&C: https://twitter.com/hackerfantastic/status/863105031167504385
- FedEx infected via Telefonica? https://twitter.com/jeancreed1/status/863089728253505539
- HOW TO AVOID INFECTION: https://twitter.com/hackerfantastic/status/863070063536091137
- More of this to come: https://twitter.com/hackerfantastic/status/863069142273929217
- C&C hosts: https://twitter.com/hackerfantastic/status/863115568181850113
- Crypted files will be deleted after countdown: https://twitter.com/laurilove/status/863116900829724672
- Claim of attrib [take with salt]: https://twitter.com/0xSpamTech/status/863058605473509378
- Track the bitcoins: https://twitter.com/bl4sty/status/863143484919828481
- keys in pem format: https://twitter.com/e55db081d05f58a/status/863109716456747008
Note: Cert-In also published an article against this cyber attack
Recommended Steps for Prevention
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
- Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
- Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
- Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
- Configure access controls including file, directory, and network share permissions with least privilege in mind.
- If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
- Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
- Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
- Test your backups to ensure they work correctly upon use.
- 30,000 Sites is in RISK, The Plus Addons for Elementor WordPress Plugin Hacked
- Facebook Pay is rolling out in US – 2019 Update
- Top 25 Reddits – SubReddits Communities [Information Security]
- List of 100+ Cyber Security RSS Feeds
- Target’s Twitter Account Compromised – Posted Fake Promoted Ad [Bitcoin Scam]
- Familiar With SQL Injection Vulnerability – Meet Ihsan Sencan
- Microsoft + 33 Other Companies Join hands to fight Cyber Attacks – Cyber Security Tech Accord
- Twitter Compromised ! Change Your Password Right Now – May 2018
- Update your Mozilla Firefox Now – 31st January 2018 Update
- Dangerous Keylogger Found – Infecting over 2000 WordPress sites