Please run windows update now

Andrew Kerr andrew at thekerrs.ca
Fri May 12 21:05:44 UTC 2017


Just a note folks that while this particular ransomware is using the
MS17-010 exploit to help spread, it does not rely on it.  This is still a
regular piece of ransomware that if someone opens the malicious file, will
encrypt files.

SANS has some IoCs and more information:
https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/

On Fri, 12 May 2017 at 11:45 Josh Luthman <josh at imaginenetworksllc.com>
wrote:

> MS17-010
> https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
>
>
> Josh Luthman
> Office: 937-552-2340 <(937)%20552-2340>
> Direct: 937-552-2343 <(937)%20552-2343>
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Fri, May 12, 2017 at 2:35 PM, JoeSox <joesox at gmail.com> wrote:
>
> > Thanks for the headsup but I would expect to see some references to the
> > patches that need to be installed to block the vulnerability (Sorry for
> > sounding like a jerk).
> > We all know to update systems ASAP.
> >
> > --
> > Later, Joe
> >
> > On Fri, May 12, 2017 at 10:35 AM, Ca By <cb.list6 at gmail.com> wrote:
> >
> > > This looks like a major worm that is going global
> > >
> > > Please run windows update as soon as possible and spread the word
> > >
> > > It may be worth also closing down ports 445 / 139 / 3389
> > >
> > > http://www.npr.org/sections/thetwo-way/2017/05/12/
> > > 528119808/large-cyber-attack-hits-englands-nhs-hospital-
> > > system-ransoms-demanded
> > >
> >
>


More information about the NANOG mailing list