Cyber Attack Alert
Summary
Many of our customers around the world and the critical systems they depend on have been victims of malicious “WannaCrypt” software. We are using the MSRC blog - Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat.
The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.
Malware Detection
Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/WannaCrypt.
In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.
Recommendations
Review the Microsoft Security Response Center (MSRC) blog at Customer Guidance for WannaCrypt Attacks for an overview of the issue, details of the malware, suggested actions, and links to additional resources.
Keep systems up-to-date. Specifically, for this issue, ensure Microsoft Security Bulletin MS17-010 Security Update for Microsoft Windows SMB Server is installed.
Customers who believe they are affected can contact Customer Service and Support by using any method found at this location: https://support.microsoft.com/gp/contactus81?Audience=Commercial.
Microsoft Malware Detection and Removal Tools
Use the following free Microsoft tools to detect and remove this threat:
- Windows Defender: https://www.microsoft.com/en-us/windows/windows-defender
- Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/
Additional Resources
- Microsoft Security Response Center Blog: http://blogs.technet.microsoft.com/msrc
- Microsoft Malware Protection Center Blog: http://blogs.technet.microsoft.com/mmpc
- Microsoft Safety and Security Center webpage: http://www.microsoft.com/security/default.aspx
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.