Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


WannaCry Ransomware in large scale international attacks

13 May 2017

WannaCry Ransomware used in large scale international attacks

[This initial advisory is being updated. Current version is here.] What's happening

Systems affected

Earlier today a massive international ransomware campaign hit computer systems of private companies and public organisations around the world. This incident is being reported as the largest ransomware campaign to date. The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor' or 'WCRY'), because the encrypted files extension is .wcry. Like other ransomware, WannaCry also blocks access to a computer or its files and demands money to unlock it. Early reports were that the ransom demanded was around $430NZD, though this has allegedly doubled over the past few hours.

We’re learning more about this particular attack as it unfolds. At this point, CERT NZ understands that the initial attack vector is likely a phishing email with either a malicious attachment or link. The exploit penetrates into machines running unpatched versions of Windows (XP through 2008 R2) by exploiting flaws in Microsoft Windows SMB Server. Once a single computer in a network is infected with WannaCry, the program looks for other vulnerable computers on the network and infects them as well.

This ransomware exploits a Windows vulnerability known as EternalBlue, which was released by the Shadow Brokers hacking group over a month ago. Microsoft released a patch for the vulnerability in March (MS17-010).

What to do


The information we have shows that this ransomware's initial infection is spread through emails. There is conflicting information about the details and attributes of the initial emails however they are reported to contain either links or attachments. Be careful when opening emails and clicking on links – read our phishing information to know what to look out for. These emails could be from anyone, including an email address you’re familiar with.

Make sure you have backed up your system and files stored securely, off-network.

Make sure you have patched your system. Organisations using any Windows system between XP to 2008 R2 should ensure that mitigations are in place, particularly the MS17-010 Microsoft patch. If you’re not patched, consider disabling SMBv1 (this will stop some file sharing). There is no patch available for XP & 2003, these OS’s need to be either turned off or have SMBv1 disabled.

It is also important to ensure that staff are aware of this campaign, and reminded to be extremely vigilant with incoming emails containing links and attachments.

More information

The details on this release are relatively new and more information is coming to light constantly. For organisations that require further support or more specified advice, please log an incident on our website at cert.govt.nz. Similarly, if you have been compromised with this ransomware, please contact CERT NZ.

© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines

Madrid Climate Talks: Decade Ending 2019 Likely To Be Hottest On Record

Exceptional global heat driven by greenhouse gas emissions mean this decade will most likely go down as the warmest on record, according to the World Meteorological Organization...

The agency also finds that 2019 is on track to be the second or third warmest year in history, with the global average temperature during January through October, roughly 1.1 degrees Celsius above the pre-industrial era.

“If we do not take urgent climate action now, then we are heading for a temperature increase of more than 3°C by the end of the century, with ever more harmful impacts on human wellbeing.” More>>


NZ First Conflicts Of Interest: New Details Around Timeline

New information has emerged showing it was the New Zealand First chief of staff who identified potential conflicts of interest between a forestry company and two senior government ministers, sparking a series of declarations. More>>



Five New Cancer Meds In Six Months: Pharmac Funds More Cancer Medicines, Faster Assessment

PHARMAC has confirmed that two new medicines – olaparib for ovarian cancer and fulvestrant for breast cancer – have been approved for funding... Rituximab and bortezomib, which are already funded, have also been approved for widened access following successful commercial proposals from new suppliers. More>>


Gordon Campbell: On Stoking Fears About Cannabis Law Reform

It was always going to be hard to have a rational debate on cannabis reform. Far easier for politicians to win votes by stoking alarm... More>>


Tūhoronuku Mandate Recognition Ends: "New Opportunity" For Ngāpuhi Treaty Negotiations

The Crown is providing an opportunity for the hapu of Ngāpuhi to rebuild its framework from the ground up for collective negotiations to deal with its historical Treaty claims... More>>


Pike River: Next Phase Of Recovery Underway

“Fresh air will be pumped into the Pike River Mine drift this week, following acceptance of the plan for re-entry beyond the 170m barrier by New Zealand’s independent health and safety regulator WorkSafe." More>>


Peters Stoic: Russia On Afghan Firing Range Deaths

The foreign minister won't be calling in the Russian ambassador concerning comments made about New Zealand soldiers in Afghanistan. In a media briefing late last month, Russian Foreign Ministry spokesperson Maria Zakharova said New Zealand must investigate crimes against civilians. More>>


Christchurch Call: Online Crisis Response Workshop In Wellington

Governments and tech companies are holding a two-day workshop, hosted by YouTube/Google in Wellington, to test the Christchurch Call Shared Crisis Response Protocol. More>>





InfoPages News Channels