Just a note folks that while this particular ransomware is using the MS17-010 exploit to help spread, it does not rely on it. This is still a regular piece of ransomware that if someone opens the malicious file, will encrypt files.
SANS has some IoCs and more information: https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/ On Fri, 12 May 2017 at 11:45 Josh Luthman <j...@imaginenetworksllc.com> wrote: > MS17-010 > https://technet.microsoft.com/en-us/library/security/ms17-010.aspx > > > Josh Luthman > Office: 937-552-2340 <(937)%20552-2340> > Direct: 937-552-2343 <(937)%20552-2343> > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Fri, May 12, 2017 at 2:35 PM, JoeSox <joe...@gmail.com> wrote: > > > Thanks for the headsup but I would expect to see some references to the > > patches that need to be installed to block the vulnerability (Sorry for > > sounding like a jerk). > > We all know to update systems ASAP. > > > > -- > > Later, Joe > > > > On Fri, May 12, 2017 at 10:35 AM, Ca By <cb.li...@gmail.com> wrote: > > > > > This looks like a major worm that is going global > > > > > > Please run windows update as soon as possible and spread the word > > > > > > It may be worth also closing down ports 445 / 139 / 3389 > > > > > > http://www.npr.org/sections/thetwo-way/2017/05/12/ > > > 528119808/large-cyber-attack-hits-englands-nhs-hospital- > > > system-ransoms-demanded > > > > > >
