The WannaCry outbreak was reported on May 12, 2017 by many independent sources all over the world. It targets most Windows operating systems. The ransomware is not specifically designed to attack industrial systems. However, based on KL ICS CERT live reports, we decided to warn industrial organizations that they might indirectly become victims of this widespread attack.
The ransomware exploits a known Windows SMBv2 software vulnerability that allows the attacker to execute remote code on a compromised system. The original exploit code has been publicly available since April 14, 2017. Microsoft released a patch that fixes this security flaw on March 14, 2017.
Although this attack does not target industrial facilities, the KL ICS CERT team still recommends that industrial organizations immediately take the following safety actions:
- Install the official patch (MS17-010) from Microsoft as soon as possible; it closes the SMB Server vulnerability used in this attack;
- Download and install the latest antivirus product and signature updates for your antivirus solution. If you are using Kaspersky Lab antivirus solutions, please enable Kaspersky System Watcher, Application Startup Control or Anti Cryptor. These features will detect and block malicious attempts to encrypt any data. In addition, all Kaspersky Lab solutions containing Intrusion Detection mechanisms will detect and block this threat at the network layer;
- Make sure that you have backup copies of all sensitive data;
- Scan all your systems with antivirus software. If the threat is detected and removed, please reboot your systems.
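To follow up on the first recommendation across many hosts, the added example below (not part of the original advisory) audits an offline hotfix inventory for the MS17-010 packages. The CSV layout, host names and function names are assumptions, and the KB numbers come from Microsoft's bulletin rather than from this page.

```python
import csv
import io

# KB numbers of the original March 2017 MS17-010 packages (taken from
# Microsoft's bulletin, not from this advisory). Later cumulative updates
# supersede them, so a host without any of these needs manual review.
MS17_010_KBS = {
    "KB4012598",                # Vista / Server 2008 (also the out-of-band XP, 2003, 8 package)
    "KB4012212", "KB4012215",   # Windows 7 / Server 2008 R2
    "KB4012214", "KB4012217",   # Server 2012
    "KB4012213", "KB4012216",   # Windows 8.1 / Server 2012 R2
    "KB4012606", "KB4013198", "KB4013429",  # Windows 10 1507 / 1511 / 1607, Server 2016
}

def audit_hotfix_inventory(csv_text):
    """Return {host: sorted MS17-010 KBs found} for every host in the CSV.

    Assumed columns: host, hotfix_id (one row per installed update; a host
    with no updates is listed once with an empty hotfix_id).
    """
    found = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["host"].strip().upper()
        kb = (row.get("hotfix_id") or "").strip().upper()
        hits = found.setdefault(host, set())   # register host even if unpatched
        if kb in MS17_010_KBS:
            hits.add(kb)
    return {host: sorted(kbs) for host, kbs in found.items()}

def hosts_needing_review(csv_text):
    """Hosts for which none of the MS17-010 packages is recorded."""
    return sorted(h for h, kbs in audit_hotfix_inventory(csv_text).items() if not kbs)

# Constructed sample inventory (hypothetical host names).
SAMPLE = """host,hotfix_id
hmi-01,KB4012212
hmi-01,KB3177467
eng-ws-02,KB2999226
scada-srv,kb4012216
historian,
"""

if __name__ == "__main__":
    for host, kbs in audit_hotfix_inventory(SAMPLE).items():
        status = "patched via " + ", ".join(kbs) if kbs else "REVIEW: no MS17-010 package recorded"
        print(host, status)
```

A host flagged for review may still be protected by a newer cumulative update, so confirm against its update history before treating it as unpatched.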
If you have any questions or need help, please contact us by email at firstname.lastname@example.org
Indicators of compromise
Samples observed in attacks so far
Kaspersky Lab detection names