Ransomware Hits the Same Vulnerabilities
Keep calm: While the news is grim over the latest ransomware, the steps we’ve taken earlier will most likely keep most of us secure. It’s key that you have March’s Windows updates installed to protect from the SMBv1 vulnerabilities and April’s Office updates installed to protect from the RTF (Rich Text Format) vulnerability being used in the attacks.
In addition, the vulnerability is specifically targeting networks and using some additional tricks up their sleeves as noted in PTSecurity blog post. The attackers are utilizing various network tools such as Windows Management Instrumentation (WMI) and PsExec to distribute the ransomware throughout a network. It further uses password retrieval tools to gain the local administrator passwords on the workstations in the network. For home and small businesses the best protection is to be vigilant in not opening suspicious emails, and to ensure the March and April updates are installed.