Security Alert – WannaCry

14 May 2017 | News

There is currently a worldwide security alert associated with the latest ransomware attack – ‘WannaCry’. Media coverage has been heightened as the exploit itself was originally discovered by the NSA in the US. Further newsworthiness was added when the first notified attack caused major issues with UK National Health computers.
The issue affects servers as well as PC’s and laptops. End user devices and Terminal (RDS) Servers are at greatest risk as the delivery method is via email to the user.

Microsoft released fixes for weakness this ransomware exploits back in early March and they were also included in subsequent updates in April and May. Kinetics KARE clients with devices on Core Fundamentals or Total KARE had fixes approved and pushed out within 12 hours of their release in March.

Kinetics was alerted to the new attack on Saturday morning. Throughout Saturday, day and night, our team tracked the relevant security releases and ensured they had been pushed out wherever possible.

Kinetics KARE Ready Reaction clients do not have their patching proactively managed by Kinetics. However, given the high degree of this alert, we have pushed out a patch automation to those devices. Users may find that they run slow for the first 30 minutes after logging in.

[header2 text=”What can your staff do?” align=”left” color=”#336A40″ margintop=””]

It’s important to note that the delivery method is similar to other ransomware. That is, an email is received which has a link in the email body or a in a Word/PDF attachment. It’s recommended all staff are reminded not to activate macros in Word documents received over the internet and not to follow links unless they are sure they are legitimate.

Kinetics also asks that staff be reminded that, when they receive a popup message from the Kinetics KARE Team asking them to restart their PC to install important updates or alerting that their PC has not been restarted for X days, they need to shut down and restart their device as soon as possible.

As a further precaution it’s advised that everyone does a restart on their PC/laptop at least once a week. Occasionally shutting down does not allow patches to complete their install. A restart at lunchtime or the end of the day has a positive impact on successful patch installations.

[header2 text=”Which patch protects you?” align=”left” color=”#336A40″ margintop=””]

Any device that has any one of the “Security Monthly Quality Rollup for X” or the “Cumulative Update for Windows 10 Version X” for March, April or May installed is protected.

The major patch numbers are:

Windows 7 SP1: KB4012215, KB4012212, KB4015549, KB4019264
Windows Server 2008 R2 SP1: KB4012215, KB4012212, KB4019264
Windows Server 2012: KB4012214, KB4012217,KB4015551, KB4019216
Windows 8.1: KB4012216, KB4012213, KB4015550, KB4019215
Windows Server 2012 R2: KB4012216, KB4012213, KB4019215
Windows SMB Server: KB4012598
Windows 10: KB4013429, KB4012606, KB4013198, KB4016871, KB4019472

[header2 text=”What happens on Monday 15 MAY 2017?” align=”left” color=”#336A40″ margintop=””]
PC/laptops are at the greatest risk, as are Terminal (RDS) and Citrix servers. Kinetics will continue to check all Core Fundamental and Total KARE devices for missing patches and forcing their install. Remember – if you have Core Fundamentals or Total KARE on your PC/Laptops, you have been protected since March. Kinetics is managing this for you and will continue to do so.

Clients with KARE Ready Reaction on their Laptops/PC’s will be checked and if we detect issues Kinetics will contact you for permission to investigate and resolve issues.

Clients that do not have KARE on their end points and who want their system checked should contact support or their account manager to arrange a job.