Nexus - Security Notification - Petya/ WannaCry Ransomware
Posted by Muslim KHAN on 30 June 2017 12:49 PM

Dear Customers,

Being your hosting provider, we feel that this news might be of importance for you due to the nature of the exploit.

As widely reported, hackers launched a global ransomware campaign on Friday, May 12, known as “WannaCry Ransomware”. Targeting tens of thousands of companies and governmental organizations, this campaign encrypted files on infected computers and demanded that administrators pay a ransom to regain access. The Petya variant also targets Microsoft Windows operating systems, and reports show that all systems from Windows XP through Windows 10 are susceptible to the attack.

This particular ransomware exploited a vulnerability that allows remote code execution via the Microsoft Server Message Block version 1 (SMBv1) server. Microsoft has released a security update that addresses this vulnerability, and we have been working diligently to make sure the vulnerability has been addressed on all internal systems.

The scope of this attack is not limited to web servers: desktop users should also be very careful about clicking on any external hyperlink or attachment, even from trusted sources, because malicious links and attachments can appear legitimate. Keep your systems and AV up to date, and thoroughly scan your systems with a licensed AV application.
For those who are looking to protect themselves further, follow the recommendations outlined below.
Protection Recommendations:
•    Install the Microsoft security patches that eliminate the vulnerability exploited by WannaCry.
•    You may ask our IT security team to back up critical data, so that even if data is locked up, there are copies elsewhere to which we can turn.
•    If they have not done so already, IT security teams should deploy the antivirus and malware signatures associated with the threat.
However, the attackers may reconfigure their campaign to work around the WannaCry ‘kill switch’, and new phishing emails may follow in the days ahead.

Technical Details:

Hundreds of thousands of devices and systems have been compromised by this malware recently. The ransomware is spreading across many organizations around the globe and halting various business functions. The following patches should be deployed in order to secure Windows systems against this attack.

Microsoft has also released patches for end-of-life Windows systems under KB4012598. In addition, filter all SMB (TCP/445), NetBIOS (TCP/139), and RDP (TCP/3389) traffic from untrusted networks.

The campaign uses an exploit for a recent SMB protocol vulnerability in Microsoft Windows [1, 2, 3, 7]. According to [7], the ransomware perpetrators incorporated publicly available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMB server. It spreads initially via vulnerable computers that expose port 445 to the Internet, and then propagates through the internal network using the same technique.
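To make the technical details above actionable on a single Windows host, here is an added PowerShell example (not part of the Nexus notice) that audits, and with the -Remediate switch enforces, the three points the notice raises: whether the SMBv1 server is still enabled, whether the cited patch KB4012598 (or the KB for this build) is installed, and whether inbound TCP 445/139/3389 are blocked on the Public firewall profile. It assumes Windows 8.1 / Server 2012 R2 or later with the SmbShare and NetSecurity modules, an elevated session, and that administrative RDP access arrives over a Domain or Private profile or a VPN, so that blocking the Public profile does not lock out management. The KB ids for supported Windows builds differ from KB4012598 and are left as a labelled placeholder to fill in.

```powershell
# Added example, not part of the Nexus notice. Run in an elevated PowerShell
# session on Windows 8.1 / Server 2012 R2 or later (needs the SmbShare and
# NetSecurity modules). Reports on, and optionally hardens, one host against
# the SMBv1 exposure described above.

param(
    [switch]$Remediate   # without this switch the script only reports
)

# Ports the notice says to filter (assumption: block inbound from the Public
# profile only, so management over Domain/Private networks keeps working)
$ports = @{ 'SMB' = 445; 'NetBIOS' = 139; 'RDP' = 3389 }

# KB4012598 is the id the notice cites (end-of-life systems). Supported builds
# use other MS17-010 KB ids; replace the placeholder with the one for this host.
$patchIds = @('KB4012598', 'KB-PLACEHOLDER-FOR-THIS-BUILD')

# --- 1. SMBv1 server status ---------------------------------------------------
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 server protocol is ENABLED on this host.'
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMBv1 server protocol disabled.'
    }
} else {
    Write-Output 'SMBv1 server protocol is disabled.'
}

# --- 2. MS17-010 patch presence -----------------------------------------------
$installed = Get-HotFix | Where-Object { $patchIds -contains $_.HotFixID }
if ($installed) {
    Write-Output ('Patch present: ' + ($installed.HotFixID -join ', '))
} else {
    Write-Warning ('None of ' + ($patchIds -join ', ') +
                   ' is installed; apply the MS17-010 update for this build.')
}

# --- 3. Inbound filtering of 445/139/3389 on the Public profile ---------------
foreach ($name in $ports.Keys) {
    $port = $ports[$name]
    $ruleName = "Block inbound $name (TCP $port) - Public profile"
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    if ($rule) {
        Write-Output "Firewall rule already present: $ruleName"
    } elseif ($Remediate) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $port -Profile Public -Action Block | Out-Null
        Write-Output "Created firewall rule: $ruleName"
    } else {
        Write-Warning "No block rule for TCP $port ($name) on the Public profile."
    }
}

# --- 4. What is actually listening on those ports right now -------------------
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports.Values -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize
```

Run it once without -Remediate to see the host's current state, then with -Remediate to disable SMBv1 and create the block rules; the final listing shows which of the three ports still have a listener, which is what an attacker scanning from the Internet would see if the Public-profile rules were absent.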


Please direct any questions or issues to Nexus Technologies’ customer service at UAN 0300-0341140.