Wanna be safe from Wanna Crypt?

On May 15, 2017

Wanna be safe from Wanna Crypt?

Latest Threat – Executive Synopsis – What you need to know and what your IT folks probably already do

( If you’ve been infected already – jump to the bottom ).

For you Tech nerds who just need to know under the hood how the exploit works – Microsoft’s Technical Blog describes the entire deploy for your IT team to not only understand the current attack – but how to defend against it (and similar attacks).



If this pops up – unplug your computer and call IT

High Level bullet points

  • Microsoft came out with a patch to prevent this exploit 2 months ago. And extra good news for XP and Server 2003 users – Microsoft released a patch for your ‘out of service’ systems as well (Nice Guys)

  • Even patched systems can be infected if someone clicks on a link that installs the exploit

  • Although being spread quickly – this is “NOT” an unusually nasty attack

  • These type of attacks often attack backup systems as well

  • Usually within a few days to weeks – methods to decrypt files have been created (not 100%)


The video below shows how the exploit works quickly on un-patched systems but there are a few recommendations.

Your system may be untouched – but here are some preventative measures to protect your systems.

  • Patch your systems at least monthly (It’s not asking too much here)

  • Wanna Crypt uses Firewall port 445 – so locking that down should help

  • Have multiple backup types (Server level, NAS System, Cloud based)

  • Create a HoneyPot to send alarms when attacked

  • Know your Insurance policy for issues beforehand

Resources malware.net status

If you’ve been infected?

  • Physically unplug (if possible) an infected computer from the network.

  • If a second system becomes infected – turn off your network switch.

  • Get IT ….. NOW, to review your backups and possibly take them off the network while the breach is happening.


This has been a pretty heavy article – so here’s some good news.

A cyber security agent noticed that there was a strange URL in the code – which appeared that it would turn off the malware if the site was live.

MalwareTech (mentioned above) bought the domain and sink-holed the malware – saving potentially tens of thousands of infections – good on ya MalwareTech!!!


  • By admin  0 Comments