PROBLEM: On Friday, May 12th, a ransomware program called WannaCry infected more than 230,000 computers around the world. This program began as a phishing attack and installed itself on computers when a user opened an email attachment. The program then made use of a Windows vulnerability present in all versions of Windows. This vulnerability makes it possible for the malware to infect every unpatched Windows machine on the same local network as the infected computer. Microsoft had previously issued security updates in March to close this vulnerability. The security update was not issued for Windows XP. Any computers not patched with the March security update are still vulnerable. A security researcher was able to stop the spread of this ransomware program on Friday, but there are reports that other variants of this program are now being distributed without the kill switch that the security researcher used.
Manufacturers should be especially aware of this avenue of attack, as many industrial networks still have computers running Windows XP. Many industrial networks have no Internet connection, so even currently supported versions of Windows cannot receive updates. As an example, if a technician has a computer attached to the local industrial network, and also connects to the Internet to assist in troubleshooting, every unpatched computer on the industrial network is at risk from new variants of this attack. If the technician’s computer becomes infected while connected to the industrial network, the HMIs, Historians, Servers, etc. could be encrypted and held for ransom.
RECOMMENDED SOLUTION: After the WannaCry ransomware was discovered on Friday, Microsoft released manual patches for every version of Windows from XP forward. Polytron recommends that manufacturers assess whether their current software applications are compatible with the latest Microsoft patches and apply patches accordingly. If the patch cannot be installed on a particular computer, other methods of ensuring the availability of that computer, such as complete backups, should be evaluated.
Microsoft has patches available to block WannaCry Ransomware for Windows XP and later.
- The patches for Vista and later are located at: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- The patches for Windows XP are located in a Microsoft Blog Post: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
QUESTIONS: Call Polytron Toll-free 1-855-794-7659