WannaCrypt0r Malware / Microsoft Windows SMBv1 Vulnerability

On Friday May 12th 2017 a new global ransomware campaign was observed to be exploiting a known vulnerability in Microsoft Server Message Block 1.0 (SMBv1) in order to install malware known as WannaCrypt0r (Also known as WannaCrypt, WannaCry, WCrypt & WCRY) which encrypts user files and demands payment via Bitcoin in order for the user to regain access to their data. At the time of writing, WannaCrypt0r has infected over 200,000 devices across 150+ countries and impacted organisations including the NHS (UK), Telefonica (Spain), Renault (France), Nissan (UK) and FedEx (USA).

To help protect your business by preventing the SMBv1 vulnerability from being exploited, it’s important that up to date Anti-Virus software is installed and that all known Windows Updates have been applied to each of the PC’s and Servers within your business. However, as with all malware, WannaCrypt0r can also spread in internet downloads, by email or on media such as CDs and USB pen drives so your users should remain highly vigilant when opening files or emails from untrusted or unknown sources.

Over the coming days our engineering team will be reaching out to those customers who we believe may be at risk so that mitigation measures can be implemented, however, should you have any concerns, need advice or wish to report suspicious activity, please call us on 02892 677533, raise a technical support case via our helpdesk at https://support.xperience-group.com or email us at support@xperience-group.com.

For further guidance about protecting your organisation from ransomware and what to do if you’ve been infected, please visit the National Cyber Security Centre website at https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware.

For IT Managers - You can help secure your environment by performing one or more of the following actions.

- Update your PCs & Servers via Windows Update
- Deploy Microsoft Patch MS17-010 (http://bit.ly/2pLx14T)
- For Legacy Systems (I.e. Windows XP) please see http://bit.ly/2qjXkjy)
- Disable SMBv1 (where possible) on all devices within your network or block the SMBv1 Ports (UDP 137, 138 and TCP 139, 445).
-- For further guidance, please see the following Microsoft Support article - http://bit.ly/2reUBHg.

Between the hours of 21:00 on April 28th 2017 and 09:00 on April 29th 2017 our engineering team will be performing core infrastructure maintenance on our London cloud platform.

What you need to know - Xperience IT Solutions would like to make customers aware of upcoming infrastructure maintenance to our London cloud platform. To ensure you continue to receive the best possible service, the upgrades taking place will help to increase capacity, improve performance as well as introducing additional features and functionality.

How will I be affected? - Whilst this work takes place, customer servers, hosted websites and OnApp GUI & API services will be unavailable. Prior to the work taking place, please ensure that users save their work and disconnect from their Citrix/RDP sessions.

Out of hours support - To ensure that this work is completed as quickly and efficiently as possible whilst also ensuring that each and every customer server is operating as expected at the end of the maintenance window, out of hours support will be available via our helpdesk at https://support.xperience-group.com and by telephone on 02892 677533. Should you have any queries, please contact our technical helpdesk or your account manager for further assistance.

What you should know

We’re publishing this as an urgent notification to all customers who currently use the Firefox web browser. Yesterday a zero-day vulnerability emerged within the Firefox web browser. It is currently exploiting Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.

Switch to an alternative secure browser

If you are currently using Firefox, we highly recommend that you temporarily switch browsers to Chrome, Internet Explorer, Safari or a non-Firefox based browser that is secure. Please do so until a further announcement is made to say that it has been made secure.

How could I be at risk?

The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is public which means that hackers all over the world have access to it. At present there is no current fix for the issue.

Currently this exploit causes a workstation report back to an IP address based at OVH in France. This code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so we expect new variants of this attack to emerge rapidly.

This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked.

For more information on this please click here

If you have any questions queries or concerns relating to this announcement, please contact:

support@xperience-group.com

According to the Annual Fraud Indicator it is estimated that cyber crime as a whole costs businesses and individuals around £193 billion per year.

In its simplest terms, ransom-ware stops you from using your PC. The virus holds your files for ‘ransom’ and will ask you to pay a ransom amount before you can use your PC. A new strain of ransom-ware, known as Zepto is now on the rise, so we want to remind you to remain vigilant when opening any attachment from unknown sources.

What is Zepto Ransom-ware?

Zepto is the latest form of ransom-ware to strike internet users. All Zepto spam messages use a compressed ‘.Zip’ archive which includes a malicious JavaScript file. This is used to infect your computer with the Zepto ransom-ware.

Once you have fully downloaded the file, the machine begins encrypting all local files and demands ransom- which can range from hundreds to thousands of pounds, payable by Bitcoin to decrypt the files.  This can also leave your business open to vulnerabilities in terms of downtime and compromising business data.

What should I look out for?

The body of the emails generally urge you to look at your “requested” documentation, while the name of the attached .zip file is created by combining your name and a random number such as "pdf_copy-john_461397."

If you’ve just come back from holiday, be aware that you could already have a Zepto attachment in your inbox. Ensure that you take extra precautions when opening and forwarding emails.

How can I remain protected?

It is advised that you take precautions when browsing the web and dealing with newly received emails. We would advise you to take the below steps to ensure you remain protected:

• Make sure you have an up-to-date antivirus solution installed.
• Don’t trust attachments, even if it’s from someone you know. If you’re suspicious, seek confirmation from the sender that it’s genuine.
• Avoid clicking, opening or forwarding any attachments from people or companies you aren’t expecting attachments from.
• If you don’t already take your backups off site, consider backing them up on to an external USB drive for added protection.

Zepto ransom-ware is very new but as it is a form of Locky ransom-ware, there is currently no way of decrypting the encrypted files.  If you’re concerned that backups aren’t in place, functioning correctly or if you’re unsure, contact us today.

Email: enquiries@xperience-group.com

Call: 028 9267 7533

Xperience IT Solutions are thrilled to announce we have been awarded Microsoft Ireland ‘Hosting Partner of the Year’ for 2016. Iain O’Kane, Managing Director at Xperience Group, accepted the award at the esteemed Microsoft Ireland Award Ceremony at the 2016 World Partner Conference held at The One Eighty, 51st floor of the Manulife Centre in Toronto. Iain O’Kane comments, “We are delighted to have received this award, which not only acknowledges our capabilities within the Cloud space but is a testament to the skills and commitment of our staff across the Group. Receiving recognition from Microsoft Ireland is hugely satisfying and positions the Group as market leaders within the UK & Ireland.”

Xperience work closely with Microsoft to provide customers with best-in-class cloud solutions. The award validates the company’s status of being a leading Microsoft solution provider and the commitment to deliver excellent service to customers. Further to this, Xperience is a recognised Microsoft Gold Partner for Midmarket Solution and Enterprise Resource Planning.

Jade Winters, Group Marketing Manager at Xperience Group commented on the event “The awards were presented on the 51st floor which gave a fantastic backdrop to the ceremony, offering a spectacular view of Toronto’s magnificent skyline. This year exceeded all expectations, both for the Microsoft Ireland division and their Partners as a collective. We were in great company, sharing celebrations with exceptional partners – a huge congratulations to all.” For more information, click here to view the Xperience IT Solutions news article.