BeOpen Security - WannaCry
Security update WannaCry, what is the impact for BeOpen?
May 17, 2017
Last Friday, one of the biggest cybersecurity attacks occurred. Thousands of computer systems worldwide were infected by a so-called ransomware malware; WannaCry. This ransomware quickly encrypted files from customers; Once they were encrypted, the hackers asked for ransom to recover these files.
What's going on? Is there a high level summary that contains slightly more concrete information than the average news site?
SANS Institute has made a management overview in the form of a powerpoint. This can be viewed here
Has the attack been stopped? If I'm not infected, am I safe?
A British security expert has found a so-called "killswitch" this weekend in WannaCry malware. Namely, a DNS name that was not registered, once registered the encryption stopped.
By this revelation, the creators of the malware WannaCry released a version without the killswitch, which again is a danger to unpatched Windows systems. And there are still messages coming in that there may be other variants.
What should you do to protect yourself against WannaCry?
Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
Apply Friday's patch to Windows XP or Windows Server 2003.
Verify correct patch application
Make sure the "kill switch" domain is reachable from your network without proxy. If not, setup an internal DNS sinkhole
Deploy the registry key inoculation [terstopper]
Up to date anti-virus and anti malware
What have we done to prevent these attacks:
We continuously test the security and efficiency of our infrastructure software; we are aware of how these hackers may work. We cannot guarantee that we will never be affected but security is a main topic in our services.
In regards of WannaCry we can confirm that BeOpen Infrastructure and hosting services were never affected due to the simple fact that our Odoo instances run on the Ubuntu OS.
- The BeOpen Security Team