Following Friday’s global cyber-attack, which managed to cripple large parts of the UK’s National Health Service with a seemingly self-replicating piece of ransomware (the NHS being just one of the over 10,000 organizations in 150 countries said to have been affected by the software’s proliferation), WordFence now says that new variants of the ransomware have begun to emerge online …
“A few hours ago new variants of the WannaCry ransomware started emerging,” the security researchers write.
Specifically, the WordPress plugin developers claim that one of the variants of the software was “also stopped today by registering a kill switch domain,” the same way, they note, that the ransomware was stopped at the end of last week.
But the second variant, they say, while not currently able to encrypt infected machines due to a reported “error in programming,” is still spreading …
The folks at WordFence are therefore providing the following “critical” advice to those of you who are running Windows and need to protect yourselves:
Protect Yourself Against WanaCrypt0r 2.0
1. If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. You can find instructions on this page in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalog.
2. If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog. We do recommend that you update to a supported version of Windows as soon as possible.
3. Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
If you don’t have anti-virus software enabled on your Windows machine, we recommend you enable Windows Defender which is free.
4. Backup regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
5. For further reading, Microsoft has released customer guidance for the WannaCry attacks and Troy Hunt has done an excellent detailed writeup on the WannaCry ransomware.
According to reports, if you happen to be running Windows 10 or above, you should be safe from WannaCrypt/WannaCry’s grip (at least for now, anyway) … but if you’re running any version of Windows earlier than that, you’ll want to follow the steps above, pronto.
However, Microsoft MVP Matthieu Suiche notes that “a patched (non recompiled) variant” with “no kill-switch” is now out there, too …
— Matthieu Suiche (@msuiche) May 14, 2017
VICE is reporting that the ransomware samples which have emerged over the last few hours, and are said to contain no kill switch, “do not pose the same threat to the public.”
Suiche’s blog provides a good read on the new variants, if you have the time and you’re technically minded.
Below is a map showing all the new detected instances of WannaCry/WannaCrypt over the last 24 hours, according to MalwareTech.com:
Europol’s chief is warning that the ransomware “could spread on Monday,” as workers the world over return to their desks.
Some trusts, hospitals and GP surgeries in the UK are still recovering/dealing with the result of Friday’s attack, with @fendifille sharing Monday’s plan of action on Twitter:
We aren't sorted yet, tomorrow's plan.. pic.twitter.com/D59AzY9uJF
— gigi.h (@fendifille) 14 May 2017
Mumbai reportedly set to close its ATMs until an update to Windows can be made. (Editor’s note: You have to wonder how many other banks/financial institutions rely on Windows OS?)
— Arron Hirst (@ArronHirst) 15 May 2017