DentalPC WannaCry Statement
On 12 May 2017, WannaCry began affecting computers worldwide. It targets unpatched Microsoft Windows operating systems.
The initial attack vector has been email, through spam. These messages are typically fake invoices; job offers and other lures which are sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the WannaCry infection.
The ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.
DentalPC protects its clients from this attack in several ways. First, windows updates and patches are installed. Second, we use a SonicWALL firewall that prevents inbound SMB traffic from reaching your internal network via the internet. Third, OpenDNS and Vipre protect each endpoint from both file execution and rouge DNS lookups.
No computer is 100% safe, and as with all variants, criminals are modifying them daily to come up with new and improved versions to exploit other weaknesses. There is no one silver bullet, and at DentalPC we take a layered approach to security for that very reason.
Microsoft Customer Guidance
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Microsoft technical Bulletin
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx