
Update on NHS Malware Attack (WCry 2.0)

by Shannon Simpson | 12 May 2017

A quick update from CNS on the reported cyber-attack on the NHS and partners.

We believe the NHS and other commercial organisations have so far been affected. The payload is believed to be ransomware known as ‘wcry 2.0’, more commonly known as "WanaCrypt0r 2.0". At this early stage of analysis, it has been suggested that the ransomware is possibly using the SMB exploit known as ‘Eternal Blue’, which was released as part of the recent NSA leak.

The following link has further information on this (and other related) exploits and also contains patch information for Eternal Blue. Whilst we recommend the installation of this patch we cannot be responsible for any adverse impact this may have on your systems.

https://www.cnsgroup.co.uk/media-hub/blog/blog-item/cns---networks-security/2017/04/27/shadow-brokers-leak---what-lessons-have-been-learnt

In addition, this ransomware binary can spread through multiple methods. Ensure your anti-virus is up to date and running, and be extremely wary of opening attachments or clicking links in emails from both known and unknown contacts. Above all else, make sure systems are sufficiently backed up on a frequent basis: in the event of compromise, the ability to restore your systems is vital.

If you have any specific concerns, please contact the CNS SOC. 

Many thanks,

CNS Group Security Operation Centre

Update:

There is a line in one of the files called by the ransomware:

"/c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbad"

Make sure backups are not being done on local machines; they will be wiped if the machine is infected.
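A way to look for the command line quoted above in process-creation logs, as an added example that is not CNS's own code. The rule names, the sample command lines and the severity thresholds are assumptions made for illustration; only the four sub-commands fully visible in the quoted line are covered, and the truncated last one is left out.

```python
import re

# Recovery-tampering sub-commands visible in the command line quoted above.
# Optional ".exe" and flexible whitespace are tolerated.
RULES = {
    "vss_delete_vssadmin": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "vss_delete_wmic": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    "boot_ignore_failures": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b"),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b"),
}

def normalise(cmdline: str) -> str:
    """Lower-case, drop cmd.exe carets and quotes, collapse whitespace."""
    cleaned = cmdline.lower().replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()

def match_rules(cmdline: str) -> list[str]:
    """Return the names of the rules that fire, checking each '&' segment."""
    hits = []
    for segment in normalise(cmdline).split("&"):
        for name, pattern in RULES.items():
            if pattern.search(segment) and name not in hits:
                hits.append(name)
    return hits

def severity(cmdline: str) -> str:
    """Assumed policy: one hit is queued for review, two or more chained alert."""
    count = len(match_rules(cmdline))
    return "high" if count >= 2 else "review" if count == 1 else "none"

# Constructed process-creation command lines (not captured from a real host).
SAMPLES = [
    'cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & '
    'bcdedit /set {default} bootstatuspolicy ignoreallfailures & '
    'bcdedit /set {default} recoveryenabled no',
    'C:\\Windows\\System32\\VSSADMIN.EXE  Delete  Shadows /for=C: /oldest',
    'vssadmin list shadows',
    'bcdedit /enum all',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{severity(line):6} {match_rules(line)} <- {line[:60]}")
```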
