16/05/2017
Up To 1.3m Computers Still At Risk From WannaCry Attack
Up to 1.3 million computers are thought to still be at risk following a major ransomware attack that infected more than 200,000 computers in 150 countries.
The 'WannaCry' attack affected the computer systems of the NHS, alongside Germany's railway system, Russia's interior ministry and major companies including Renault, FedEx, Telefonica and others.
It is understood that security experts believe that two new variants of the virus are already in circulation and the rate of infection is expected to escalate.
The virus affects Windows operating systems, encrypting hard drives and servers and demanding payment to release the system.
Once a system is infected, the virus acts as a worm and spreads to all computers on that network.
The National Cyber Security Centre (NCSC) have issued guidance for businesses and organisations to deal with the cyber threat:
• Deploy patch MS17-010:
technet.microsoft.com/en-us/library/security/ms17-010.aspx
• A new patch has been made available for legacy platforms, and is available here:
blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
• If it is not possible to apply this patch, disable SMBv1. There is guidance here:
support.microsoft.com/en-us/help/2696547
• and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]
If these steps are not possible, propagation can be prevented by shutting down vulnerable systems.
Work done in the security research community has prevented a number of potential compromises. To benefit:
• Ensure that your systems can resolve and connect on TCP 80 to the domains below
www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
The NCSC said that unlike most malware infections, your IT department should not block these domains. Note that the malware is not proxy aware so a local DNS record may be required. This does not need to point to the internet, but can resolve to any accessible server which will accept connections on TCP 80.
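The reachability requirement above can be verified from any host with a direct TCP connection, which mirrors the fact that the malware is not proxy aware. The following Python is an added example, not part of the NCSC guidance; the function names and the injectable `resolver` parameter are assumptions made for illustration.

```python
import socket

# Domains exactly as listed in the guidance above (defanged form).
KILL_SWITCH_DOMAINS = [
    "www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
    "www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
]

def refang(domain):
    """Turn the defanged 'www[.]example[.]com' form into a resolvable name."""
    return domain.replace("[.]", ".")

def check_domain(domain, port=80, resolver=socket.getaddrinfo, timeout=3.0):
    """Return (status, detail); status is 'ok', 'dns_fail' or 'connect_fail'.

    A raw socket is used on purpose: it ignores HTTP proxy settings, so a
    host that only reaches the internet through a proxy reports a failure
    here and needs the local DNS record described in the guidance.
    """
    host = refang(domain)
    try:
        infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return ("dns_fail", str(exc))
    last_err = "no addresses returned"
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)  # direct connection, no proxy involved
                return ("ok", sockaddr[0])
        except OSError as exc:
            last_err = f"{sockaddr[0]}: {exc}"
    return ("connect_fail", last_err)

def audit(domains=KILL_SWITCH_DOMAINS, **kwargs):
    """Check every listed domain and return {hostname: (status, detail)}."""
    return {refang(d): check_domain(d, **kwargs) for d in domains}

if __name__ == "__main__":
    for host, (status, detail) in audit().items():
        print(f"{status:13} {host}  {detail}")
```

A `dns_fail` result points to a missing DNS record, while `connect_fail` means the name resolves but nothing accepts connections on TCP 80 at that address.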
Antivirus vendors are increasingly able to detect and remediate this malware, so updating antivirus products will provide additional protection – though this will not recover any data that has already been encrypted.