Just a note folks that while this particular ransomware is using the MS17-010 exploit to help spread, it does not rely on it. This is still a regular piece of ransomware that if someone opens the malicious file, will encrypt files. SANS has some IoCs and more information: https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/ On Fri, 12 May 2017 at 11:45 Josh Luthman <josh@imaginenetworksllc.com> wrote:
MS17-010 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Josh Luthman Office: 937-552-2340 <(937)%20552-2340> Direct: 937-552-2343 <(937)%20552-2343> 1100 Wayne St Suite 1337 Troy, OH 45373
On Fri, May 12, 2017 at 2:35 PM, JoeSox <joesox@gmail.com> wrote:
Thanks for the headsup but I would expect to see some references to the patches that need to be installed to block the vulnerability (Sorry for sounding like a jerk). We all know to update systems ASAP.
-- Later, Joe
On Fri, May 12, 2017 at 10:35 AM, Ca By <cb.list6@gmail.com> wrote:
This looks like a major worm that is going global
Please run windows update as soon as possible and spread the word
It may be worth also closing down ports 445 / 139 / 3389
http://www.npr.org/sections/thetwo-way/2017/05/12/ 528119808/large-cyber-attack-hits-englands-nhs-hospital- system-ransoms-demanded