Doctor Web: Our users didn’t fall victim to the WannaCry encoder
May 15, 2017
The very first modification of the Trojan known to Dr.Web (Wanna Decryptor 1.0) was analyzed in Doctor Web’s laboratory on March 27, 2017, at 07:20 a.m. and was added to virus databases at 11:51 a.m., later that same day.
Trojan.Encoder.11432, which is also known as WannaCry, started actively spreading on Friday evening, and by the weekend it had infected computers of large organizations all over the world.
Doctor Web obtained its sample on May 12 at 10:45 a.m. and added it to the Dr.Web virus databases.
Before it was added to the database, Dr.Web had detected the Trojan as BACKDOOR.Trojan.
The Trojan itself is a multi-component encoder named Trojan.Encoder.11432. It includes the following four components: a network worm, an encoder dropper, an encoder and the author’s encoder.
Trojan.Encoder.11432 encrypts files on an infected computer and demands a ransom for their decryption. The money must be transferred to the specified e-wallets in Bitcoin cryptocurrency.
The mass proliferation of the Trojan is being caused by a vulnerability in the SMB protocol. All Windows operating systems older than version 10 are subject to this vulnerability. Trojan.Encoder.11432 didn’t pose any threat to our users from the moment it started spreading.
To eliminate any chance of your computers getting infected with this Trojan, we recommend that you do the following:
- Install the MS17-010 update for your operating system, which is available at technet.microsoft.com/en-us/library/security/ms17-010.aspx, and all current security updates;
- Update the Anti-virus;
- Close attacked network ports (139, 445), using the firewall;
- Disable the attacked and vulnerable service of the operating system;
- Forbid the installation and running of new software (executable files);
- Remove excessive user rights (rights for launching and installing new software);
- Delete unnecessary services in the system;
- Forbid access to the Tor network.
Your opinion counts
Sign in or register to comment on our news posts and take advantage of other benefits available to registered users. You will be awarded one Dr.Webling per comment. You can exchange your Dr.Weblings for gift certificates that can be used to purchase Dr.Web at a discount.