HKCert
  

WannaCry (WannaCrypt) Ransomware Encrypts Victim Data

Release Date: 13 / 05 / 2017
Last Update: 15 / 05 / 2017
Criticality Level:  


A new variant of ransomware known as WannaCry (WannaCrypt) is spreading quickly, through a Windows SMB vulnerability (EternalBlue and DoublePulsar). HKCERT was aware that there is a widespread overseas.

 

Note: The vulnerability is being exploited to spread the ransomware attack.

 

Impacts:

  • WannaCry encrypts files on victims’ computers and adds a .WCRY file extension to them.
  • Files on network drives are affected.
  • Data will be unrecoverable due to encryption by ransomware.
(Please note the affected SMB versions are updated.)
  • Windows 10 and prior (SMB v1)
  • Windows Server 2016 and prior (SMB v1)

To protect yourself from WannaCry ransomeware and mitigation after infection, please refer to:

https://www.hkcert.org/my_url/en/blog/17051401