Quality DOT Blog
Qtip-blog

Q-Tips Blog

Quality news and information.

Ransomware Cyber Attack

Posted on: May 15th, 2017 by Mindy Gasparin

On Friday, 5/12/2017, the world saw a massive cyberattack that spread globally in a only a matter of minutes.

Gizmodo: There’s a Massive Ransomware Attack Spreading Globally Right Now
CNN: Massive ransomware attack hits 99 countries
Time: Cyberattack That Crippled U.K. Hospitals Is Global

The initial attack vector has been email, through spam. These messages are typically fake invoices, job offers and other lures which are sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the WannaCry infection.

The attack is then spreading on internal networks using a P2P exploitation of SMB (Server Message Block) known as EternalBlue. The files are being dropped by a worm which abuses SMB, a network file sharing protocol. Other aspects of the malware leverages file-less exploitation techniques, and the malware is morphing rapidly in the wild with over a dozen variants seen thus far.

The file extension used is .wncry, which drops a ransomware notification named: @Please_Read_Me@.txt in common file and folder locations.

IT IS IMPERATIVE THAT YOU BE EXTREMELY VIGILANT IN OPENING EMAIL WITH ATTACHMENTS OR SUSPICOUS LINKS!

The IT team at Quality Eicholtz is working extremely hard to ensure all of our clients systems are protected against this latest threat.  If you are unsure of an email which contains an email attachment or suspicious link, please take pause and reach out to us for verification.