What is the status of the ransomware attack? Which regions are most affected and where is it potentially headed?
Over a hundred countries are affected, according to the reports. It’s difficult to assess where it might be headed next. The infection vectors are a combination of phishing and self-propagation via Windows file sharing (SMB, aka Samba file sharing) for lateral movement within the local network. The latter is believed to be a variation of the EternalBlue NSA exploit released by the Shadow Brokers last month. That vulnerability affects many Windows versions. There are conflicting reports as to exactly which versions are affected, but both personal and server variants are included, and definitely Windows Vista and Windows 8.
Is this a new version that doesn’t have a “kill” switch?
There have been some reports about that version.
How do you think this attack may be slowed?
Patching, patching, patching. The MS Windows patch for the SMB vulnerability (MS17-010) has been out for over two months. What are people waiting for? Also, network partitioning is a possible defense, in order to contain a local spread of the malware within an enterprise network over file sharing, as well as not falling for any possible (spear-)phishing.
What can people do to protect themselves?
People can patch their systems to the latest security updates. And exercise “doubleplus” care when opening their emails, opening email attachments, or clicking on links in emails. These are just standard procedures.
Remember, the target of this attack is your data, which the attackers are holding you ransom for. So people should make (have made?) backup copies of their systems and keep them offline, i.e. disconnected from their systems, after the backup completes. It is a good strategy to keep multiple backup copies (a so-called generational backup) in case one backup gets tainted. And think about it: is your backup over SMB file sharing?
Last, but not least, using a good antivirus/antimalware program can also protect the computer.
Please add anything else you think is important regarding this global attack.
If you are unsure of the patching status of your systems, take them offline and examine them thoroughly before patching them, backing them up, and putting them back online.
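As an added illustration of the patching, partitioning and backup advice given in the interview (this is not part of the interview and not code from the interviewee or Technuter), the following PowerShell script, run in an elevated session on a Windows 8 / Server 2012 or later host, reports whether one of the MS17-010 updates is listed as installed, shows the srv.sys driver version for comparison with the bulletin, checks whether SMBv1 is still enabled, whether the host firewall blocks inbound TCP/445, and whether any mapped drives point at SMB shares (a backup written to such a share is not offline). The KB numbers are those published in Microsoft Security Bulletin MS17-010; the script name, the firewall rule name and the `-Remediate` switch are my own. Because later cumulative updates supersede those KBs, a missing KB is a reason to compare the srv.sys version or build number against the bulletin, not proof that the host is unpatched.

```powershell
# Check-MS17-010.ps1 (illustrative; run in an elevated PowerShell 5.1 session)
# Reports the state of the controls discussed in the interview: the MS17-010
# patch, the SMBv1 protocol, inbound port 445 and mapped SMB drives.
param(
    [switch]$Remediate   # also disable SMBv1 and block inbound 445 (workstations only)
)

# KB numbers published in Microsoft Security Bulletin MS17-010 (March 2017).
# Later cumulative updates supersede them, so a missing KB is a reason to
# check the srv.sys version / build number, not proof that the host is unpatched.
$Ms17010Kbs = @('KB4012212','KB4012213','KB4012214','KB4012215','KB4012216',
                'KB4012217','KB4012598','KB4012606','KB4013198','KB4013429')

function Test-Ms17010Hotfix {
    $installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    [pscustomobject]@{
        Check  = 'MS17-010 hotfix listed by Get-HotFix'
        Result = [bool]$installed
        Detail = if ($installed) { $installed.HotFixID -join ', ' } else { 'none of the MS17-010 KBs listed (check superseding updates)' }
    }
}

function Get-SrvDriverVersion {
    # srv.sys is the SMBv1 server driver patched by MS17-010; compare its
    # version with the bulletin's file table if Get-HotFix is inconclusive.
    $srv = Get-Item "$env:SystemRoot\System32\drivers\srv.sys" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'srv.sys file version (compare with the bulletin)'
        Result = $null
        Detail = if ($srv) { $srv.VersionInfo.FileVersion } else { 'srv.sys not found (SMBv1 driver absent)' }
    }
}

function Test-Smb1Disabled {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        Check  = 'SMBv1 server disabled'
        Result = -not $cfg.EnableSMB1Protocol
        Detail = "EnableSMB1Protocol = $($cfg.EnableSMB1Protocol)"
    }
}

function Test-Port445Blocked {
    # Any enabled inbound rule that blocks TCP/445 counts as host-level partitioning.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445' -or $pf.LocalPort -eq 'Any')
        }
    [pscustomobject]@{
        Check  = 'inbound TCP/445 blocked by host firewall'
        Result = [bool]$rules
        Detail = if ($rules) { $rules.DisplayName -join ', ' } else { 'no blocking rule found' }
    }
}

function Get-SmbBackupTargets {
    # A mapped drive on a UNC path is reachable by anything spreading over
    # file sharing; a backup written there is not "offline".
    $maps = Get-SmbMapping -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'no mapped SMB shares (possible backup targets reachable by the worm)'
        Result = -not $maps
        Detail = if ($maps) { ($maps | ForEach-Object { "$($_.LocalPath) -> $($_.RemotePath)" }) -join '; ' } else { 'no SMB mappings' }
    }
}

$report = @(Test-Ms17010Hotfix; Get-SrvDriverVersion; Test-Smb1Disabled; Test-Port445Blocked; Get-SmbBackupTargets)
$report | Format-Table -AutoSize -Wrap

if ($Remediate) {
    # Disable the vulnerable protocol and block lateral movement over 445.
    # Do not run the firewall step on file servers that must keep serving SMB.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
}
```

Run it read-only first (`.\Check-MS17-010.ps1`) and only add `-Remediate` on workstations that do not serve files; on Windows 7 / Server 2008 R2 the SmbShare and NetSecurity cmdlets are not available, so the SMBv1 and firewall checks must be done through the registry and `netsh advfirewall` instead. Disabling SMBv1 and blocking 445 reduce exposure but do not replace installing the update itself.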
@Technuter.com News Service