Categories: Hackers and hacks, Security solutions and antivirus software

WannaCry Ransomware infection is the largest in history

Recently, the British National Health System (NHS) has become the victim of WannaCry ransomware (also known as WCry or WanaCryptor), a very lethal computer virus that encrypts all the data on the infected computers. While the first infected systems were in the UK, the virus has spread to other countries as well.

The attack took place on Friday (yesterday) and affected 74 countries (including the UK, US, China, Russia, Spain, Italy and Taiwan), including 16 NHS trusts in the UK, making it the biggest in history.

The WannaCry ransomware is based on an exploit harvested from the EternalBlue tool used for hacking by the NSA and leaked a few months ago by the hacker group Shadow Brokers. Once a computer is hacked, it exploits a vulnerability in SMB file sharing to reach further machines. The most vulnerable computers are the ones with older operating systems, and since the encryption is done with RSA-2048, the files cannot be decrypted without the hacker’s key.

The problem is that a lot of computers in public institutions still use Windows XP, a system which is very vulnerable to hackers since it no longer receives any updates.

The losses were more than financial: surgeons had to cancel operations because everybody was locked out of the system. For more information, see this Liliputing article.

The good thing in this is that Microsoft has released an update patch for all the supported Windows systems – Windows 7, 8.1 and 10 – and the May 2017 updates should keep users safe from this, provided they have Windows Defender enabled with an up-to-date signature database.

Final words:

If you keep your Windows system up to date with the latest updates and keep Windows Defender updated and enabled, you are safe from this ransomware.

Unfortunately, this happened because government agencies like the NSA or CIA keep vulnerabilities secret for their own benefit.

Categories: Editorials and informational articles, Security solutions and antivirus software

Malware Protection Engine vulnerability found and fixed

Two days ago a Malware Protection Engine vulnerability was published by Microsoft in Security Advisory 4022344. In the meantime an urgent security patch has been pushed out.

The Microsoft Malware Protection Engine is used by a lot of Microsoft’s products, such as Windows Defender and Microsoft Security Essentials on consumer PCs, and also products such as Microsoft Endpoint Protection, Microsoft Forefront, Microsoft System Center Endpoint Protection or Windows Intune Endpoint Protection on the business side.

An attacker can execute code remotely when a specially crafted file is scanned by any of the products that use the Malware Protection Engine; no user interaction beyond the scan itself is needed.

The vulnerability was found by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich, who withheld the details from the public and gave Microsoft 90 days to create a patch. Tavis wrote on May 6th on his Twitter page that this is the “worst Windows remote code exec in recent memory“.

In order to check whether or not you’re affected by the vulnerability, please follow the exact steps below:

  • Tap the Windows key on your keyboard, type Windows Defender and hit Enter to load the application. (Windows 10 Creators Update will launch Windows Defender Security Center.)
  • Click on the cogwheel icon in the lower left part of the interface and select the About link.
  • Check that the Engine Version is at the very least 1.1.13704.0.

If the Engine Version is lower than 1.1.13704.0, then please update the affected product immediately.
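The same check can be done from the command line, which is handier than clicking through the About dialog on every machine. The script below is an added example, not code from the blog post or from Microsoft: it reads the Defender status with the `Get-MpComputerStatus` cmdlet, compares the engine version against the 1.1.13704.0 minimum named above, and at the same time covers the advice from the WannaCry post (Defender running, real-time protection on, signatures fresh). It assumes the Defender PowerShell module is present (Windows 8.1/10 and Server 2012 R2 or newer); the three-day signature age threshold is my own choice, not a Microsoft value, and the SMBv1 check at the end is an extra I added because EternalBlue targets that protocol version.

```powershell
# Added example (not from the blog post): one-shot health check for Windows Defender.
# Assumes the Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature).

$MinimumEngineVersion = [version]'1.1.13704.0'   # minimum from Security Advisory 4022344
$MaxSignatureAgeDays  = 3                        # assumption: my own freshness threshold

$status   = Get-MpComputerStatus
$engine   = [version]$status.AMEngineVersion
$findings = @()

# 1. Engine version: the Malware Protection Engine RCE is fixed from 1.1.13704.0 on.
if ($engine -lt $MinimumEngineVersion) {
    $findings += "Engine $engine is older than $MinimumEngineVersion (Advisory 4022344) - update now"
}

# 2. Defender actually running with real-time protection, as the WannaCry post advises.
if (-not $status.AMServiceEnabled) {
    $findings += 'Defender antimalware service is not running'
}
if (-not $status.RealTimeProtectionEnabled) {
    $findings += 'Real-time protection is disabled'
}

# 3. Signature database freshness (age is reported in days).
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Signatures are $($status.AntivirusSignatureAge) days old (version $($status.AntivirusSignatureVersion))"
}

# 4. Extra, beyond the post: EternalBlue abuses SMBv1, so report if it is still enabled.
#    Get-SmbServerConfiguration exists on Windows 8/Server 2012 and newer.
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($smb -and $smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 is still enabled on this machine'
}

if ($findings.Count -eq 0) {
    Write-Host "OK: engine $engine, signatures $($status.AntivirusSignatureVersion) ($($status.AntivirusSignatureAge) days old)"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    # Same effect as the post's "update immediately": pull the latest engine and definitions.
    Update-MpSignature
}
```

Run it from an elevated PowerShell prompt; an engine below 1.1.13704.0 shows up as a warning and triggers the update straight away, while a clean machine prints a single OK line with the engine and signature versions so you can paste it into a ticket.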

Malware Protection Engine

We’re glad that the Malware Protection Engine got a fix patch so quickly. I’ve just updated early this morning, because as you can see, my Engine Version was below the recommended one.