
WannaCry 2.0 Is Out With No "Kill Switch": Patch Your System Now!

It's not over yet! WannaCry 2.0 is out, and it has no "kill switch".

WannaCry has already infected over 200,000 computers across 99 countries worldwide in just the past two days.

If you think that activating the kill switch has completely stopped the infection, you are mistaken: as soon as the attackers realized what had happened, they came back.

For those unaware, WannaCry is an insanely fast-spreading ransomware that leverages a Windows SMB exploit to target computers and servers running unpatched or unsupported versions of Windows, and then spreads itself like a worm to infect other vulnerable systems on the internal network.

The SMB vulnerability has been identified as EternalBlue, a collection of hacking tools allegedly created by the NSA and subsequently dumped by a hacking group calling itself "The Shadow Brokers" over a month ago.

Costin Raiu, the director of the global research and analysis team at Kaspersky Lab, has confirmed the arrival of WannaCry 2.0 variants without the kill-switch function.

    "I can confirm we've had versions without the kill switch domain connect since yesterday," Raiu told Motherboard.

So, expect a new wave of ransomware attacks with an updated WannaCry variant, which will be difficult to stop unless all vulnerable systems get patched.

    "The next attacks are inevitable, you can simply patch the existing samples with a hex editor and it'll continue to spread. We will see a number of variants of this attack over the coming weeks and months so it's important to patch hosts," said Matthew Hickey, a security expert and co-founder of Hacker House.

Instead of depending on mass email spamming like an ordinary malware campaign, the WannaCry attack leverages an SMB exploit to remotely hijack vulnerable computers just by scanning every IP address on the Internet.

Even after WannaCry made headlines all over the Internet and media, there are still hundreds of thousands of unpatched systems exposed to the Internet.

As we reported today, Microsoft took the unusual step of protecting customers running unsupported versions of Windows (including Windows XP, Vista, Windows 8, Server 2003 and 2008) by releasing security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware.

For Windows 7, click HERE.

So, users and organizations are strongly advised to install available Windows patches as soon as possible, and also consider disabling SMBv1.

Additional: for how to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server, follow the steps HERE.
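
One way to act on the SMBv1 advice above on a single host, as an added example that is not part of the original post: the script reports whether the SMBv1 server and client driver are enabled and, when run with `-Disable`, turns the SMBv1 server off. The function names and the `-Disable` switch are this example's own; it assumes an elevated PowerShell prompt.

```powershell
# Added example: audit SMBv1 on the local host; pass -Disable to turn the server side off.
param([switch]$Disable)

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems (Windows 7, Server 2008 R2): the SMB1 registry value decides.
    # A missing value means the default, which is "enabled".
    $v = Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ($v.SMB1 -ne 0)
}

function Get-Smb1ClientState {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled,
    # and a missing key means the driver is not installed.
    $v = Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue
    return ($null -ne $v) -and ($v.Start -ne 4)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # On older versions the registry change takes effect after a restart.
        Set-ItemProperty -Path $serverKey -Name SMB1 -Type DWord -Value 0
    }
}

if ($Disable -and (Get-Smb1ServerState)) {
    Disable-Smb1Server
}

# Report the state after any change so the output can be collected per host.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Smb1ServerEnabled = Get-Smb1ServerState
    Smb1ClientEnabled = Get-Smb1ClientState
}
```

Disabling SMBv1 reduces exposure but does not replace installing the Windows patches mentioned above.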

