Please spare some minutes to read this mail carefully. It is regarding the Wannacry-Ransomware which is affecting windows servers. WannaCry is a form of "ransomware" that locks up the files on your computer and encrypts them in a way that you cannot access them anymore. In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Kaspersky Lab's indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.
For command and control, the malware extracts and uses Tor service executable with all necessary dependencies to access the Tor network
The file extensions that the malware is targeting contain certain clusters of formats including:
Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
Emails and email databases (.eml, .msg, .ost, .pst, .edb).
Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).
Less common and nation-specific office formats (.sxw, .odt, .hwp).
Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).
If you have yet to install the Microsoft fix—MS17-010— you should do so immediately. You should also be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links.
We request you to kindly keep your server up to date and do not forget to run update and scan the server on regular intervals.
Further, If you need any assistance, please let us know.
Please fill in the form below and we will contact you within 24 hours.