Window Software Wana Crypt Patch Download

Microsoft released a patch for the vulnerability earlier this year. Windows 10 tip: Keep unwanted software off PCs. Customers can now download security updates for Windows Server.

Updates as of 2017-05-15T17:15:00Z:

  • Multiple news reports have focused on how this attack was launched using NSA code leaked by a group of hackers known as the Shadow Brokers. That’s certainly what seems to have happened based on SophosLabs’ own investigation. A more detailed report on that is planned for early next week.
  • Sophos will continue to update its Knowledge Base Article (KBA) for customers as events unfold. Several updates were added today, and are summarized below in the “More guidance from Sophos” section.
  • Microsoft took the highly unusual step of making a security update for platforms in custom support (such as Windows XP) available to everyone. The software giant said in a statement: “We know some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.”
  • With the code behind Friday’s attack in the wild, we should expect copycats to cook up their own campaigns in the coming days to capitalize on the money-making opportunity in front of them, said Dave Kennedy, CEO and founder of information security consultancy TrustedSec.
  • The attack could have been worse, if not for an accidental discovery from a researcher using the Twitter handle @MalwareTechBlog, who found a kill switch of sorts hidden in the code. The researcher posted a detailed account of his findings here. In the post, he wrote: “One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.”

***

It was a difficult Friday for many organizations, thanks to the fast-spreading Wanna Decrypter 2.0 ransomware that started its assault against hospitals across the UK before spilling across the globe.

The attack appears to have exploited a Windows vulnerability Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.

SophosLabs said the ransomware – also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r – encrypted victims’ files and changed the extensions to .wnry, .wcry, .wncry and .wncrypt.

Sophos is protecting customers from the threat, which it now detects as Troj/Ransom-EMG, Mal/Wanna-A, Troj/Wanna-C, and Troj/Wanna-D. Sophos Customers using Intercept X will see this ransomware blocked by CryptoGuard. It has also published a Knowledge Base Article (KBA) for customers.

NHS confirms attack

National Health Service hospitals (NHS) in the UK suffered the brunt of the attack early on, with its phone lines and IT systems being held hostage. NHS Digital posted a statement on its website:

The UK’s National Cyber Security Centre, the Department of Health and NHS England worked Friday to support the affected hospitals, and additional IT systems were taken offline to keep the ransomware from spreading further.

Victims of the attack received the following message:

More guidance from Sophos

Here is an update of the specific ransomware strains in this attack that Sophos has now provided protection against:

Threat nameSophos IDEProtection available since
Troj/Ransom-EMGcerb-ama.ideMay 12, 2017 17:25 UTC
Mal/Wanna-Awanna-d.ideMay 12, 2017 19:13 UTC
Troj/Wanna-Cwanna-d.ideMay 12, 2017 19:13 UTC
Troj/Wanna-Dwanna-d.ideMay 12, 2017 19:13 UTC
HPMal/Wanna-Apdfu-bfo.ideMay 13, 2017 02:18 UTC
Troj/Wanna-Erans-emh.ideMay 13, 2017 07:04 UTC
Troj/Wanna-Grans-emh.ideMay 13, 2017 07:04 UTC
Troj/Dloadr-EDCchisb-qv.ideMay 13, 2017 23:16 UTC
Troj/Agent-AWDSchisb-qv.ideMay 13, 2017 23:16 UTC
Troj/Wanna-Hwanna-h.ideMay 14, 2017 02:53 UTC
Troj/Wanna-Iwanna-i.ideMay 14, 2017 06:38 UTC
Troj/Ransom-EMJwanna-i.ideMay 14, 2017 06:38 UTC
Troj/Wanna-Jemote-cb.ideMay 14, 2017 22:03 UTC
Troj/Wanna-Kemote-cb.ideMay 14, 2017 22:03 UTC

As noted above, Sophos has issued protection for customers. Users of Intercept X and EXP don’t have to do anything. Users of Sophos Endpoint Protection and Sophos Home should update their versions immediately.

ProductActions
Sophos Intercept Xnone required
Sophos EXPnone required
Sophos Endpoint Protectionupdate immediately
Sophos Homeupdate immediately
Phishing attack simulation and training for end users

Defensive measures

Window Software Wana Crypt Patch Download

We urge those who haven’t yet done so to:

  • Patch your systems, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003 and read Microsoft’s customer guidance for WannaCrypt attacks.
  • Review the Sophos Knowledge Base Article on Wana Decrypt0r 2.0 Ransomware.
  • Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
  • Use Sophos Intercept Xand, for home (non-business) users, register for Sophos Home Premium Beta, which stops ransomware in its tracks by blocking the unauthorized encryption of files.

Resources

Other links we think you’ll find useful:

  • To defend against ransomware in general, see our article How to stay protected against ransomware.
  • To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
  • To protect against misleading filenames, tell Explorer to show file extensions.
  • To learn more about ransomware, listen to our Techknow podcast.
  • To protect your friends and family against ransomware, try our free Sophos Home for Windows and Mac.
Window Software Wana Crypt Patch Download

Techknow podcast — Dealing with Ransomware:

LISTEN NOW

(Audio player above not working? Listen on Soundcloud or access via iTunes.)


Advanced SystemCare [ 4.0 MB | Freeware | Win 10 / 8 / 7 / Vista / XP ]

Advanced SystemCare is a popular and efficient all-in-one computer tweaker that will help clean, optimize, speed up and protect your computer. Video tutorial available!

Tweaking.com - Windows Repair [ 36.1 MB | Freemium | Win 10 / 8 / 7 / Vista / XP ]
An all-in-one repair tool to help fix a large majority of known Windows problems including registry errors and file permissions. A very handy use for Windows Repair is after a malware infection or other stubborn problems.

Malwarebytes [ 70.8 MB | Freemium | Win 10 / 8 / 7 / Vista ]

Wanna Crypt Patch


Malwarebytes is a complete antivirus replacement to protect you from malware, ransomware, exploits, and malicious websites and apps. Video tutorial available.

Window Software Wana Crypt Patch Download Full