Many Microsoft customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Microsoft worked throughout the day to ensure they understood the attack and were taking all possible actions to protect customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.
This decision was made based on an assessment of this situation, with the principle of protecting customer ecosystems overall, firmly in mind.
Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog.
Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Be extra careful about what emails you open, what attachments you open or links inside of emails you click. This is the most likely way that this malware will infect you.
If its suspicious, do not open it, do not forward it. Contact us for advice.
Email us on technicalsupport@focus.net.nz or call on 03 211 0099.
Don’t get hooked with fraudulent emails - part 3
30 September 2019
Don’t get hooked with fraudulent emails - part 2
29 August 2019
Don’t get hooked with fraudulent emails - part 1
07 August 2019
How to protect yourself from cyber-attacks
31 May 2019
Exosoft Tip: Invoicing via JIBE
18 March 2019
Exosoft Tip: Markups in JIBE
14 March 2019