WannaCry Ransomware Vulnerability
- Article Number: 000012832
- Products: All
- Version:
- Last Published Date: May 19, 2017
Problem Description
Published Date: May 17, 2017 Last Update: June 21, 2017 KBA Status: Final KBA Severity: High CVE Numbers: Not applicable KBA Summary The Forcepoint Product Security Incident Response Team (PSIRT) has been monitoring the recent reports related to the WannaCry (also known as WannaCrypt, WannaCrypt0r 2.0, WannaCry, Wanna Decryptor, or Wcry) vulnerability and investigating its potential effect on Forcepoint products. This article will be updated as additional information becomes available. WannaCry is an encryption-based ransomware attack, which started spreading globally on May 12, 2017. The malware encrypts files on affected systems using AES and RSA encryption ciphers, allowing hackers to decrypt system files using a unique decryption key. WannaCry changes the computer's wallpaper with messages, asking victims to download the decryptor from Dropbox and demanding hundreds in bitcoins to get their files back. The malware is spread via SMB or the Server Message Block protocol typically used by Windows machines to communicate with file systems over a network. An infected machine would then propagate the infection to other at-risk boxes. The PSIRT has been working with the Forcepoint Engineering escalation teams to better understand if our products could be affected by installing the Microsoft MS17-010 Windows patch or disabling SMBv1, given the SMB protocol is used by a number of processes (e.g., Content Gateway proxy authentication). We have determined that:
To ensure the continued normal operation of your Forcepoint solution, you should apply the Microsoft MS17-010 Windows patch.
KBA Detailed Information For additional details, see the Forcepoint Security Labs blog about this vulnerability. |
Resolution
Workarounds Not applicable. Hotfix and Information About Other Fixes Not applicable. |
Article Feedback
Tools & Links
Want 24/7 Tech Support?
Learn more