Ransomware WannaCrypt (WannaCry): NSA ETERNALBLUE Used in Worldwide Attack

This post was created on 5/13/2017 and updated on 5/17/2017.

In light of the seriousness of this outbreak, we are offering 5-10 Security Audits for nothing! We will look at whether you really are protected as well as possible and, more importantly, whether you can recover as fast as you financially want to. If you get hit, do NOT pay the ransom until you call someone who can figure out whether things can be recovered from backup, etc.

On May 12th 2017, the largest outbreak of ransomware, named WannaCrypt aka WannaCry, attacked. Stolen code called ETERNALBLUE from the USA's NSA was used as the primary weapon and was released by a group known as "Shadow Brokers". 150 countries and 200,000 Windows systems have been verified as attacked. Windows computers without a patch released by Microsoft on March 14th 2017 (MS17-010) are vulnerable. This is so bad that Microsoft has issued an emergency patch for their unsupported systems (Windows XP, Windows 8, Server 2003 and Server 2008). If by any chance you are using any of these unsupported systems, you should ensure that the above patch has been downloaded and applied and that the computer has been rebooted to make sure you are covered. Once a machine is infected, it will scan your entire internal network and then infect the vulnerable machines.

An unconfirmed report says that a new strain has been released that does not have the ability to stop the spreading.

By now you have probably heard about entire hospitals in the UK being shut down (phone lines and computers)! There are many more stories, but rather than researching them all I wanted to get this post out! Before we go any further, read this entire BLOG POST. It is that important!!

Where is this coming from?

This is a phishing attack delivered by email spam. Either a PDF attachment or a link within the email delivers WannaCry into your network.

What should I do?

Make sure the email is legit. First, is it coming from someone you know? If not, don't open it.

If it is coming from someone you know, is the wording inconsistent with what you have seen from them before?

If you are going to click on a link, make sure that the link goes to somewhere that is legit. All you have to do is hover your mouse over the link, and the destination you would go to when you click it will appear. Look at the picture below...


When we moused over the blue link it showed us https://kc.mcafee.com. In this case we know McAfee.com is a legitimate, trusted location. However, what if when we moused over it we saw something like https://kc.macfee.com? Just one character and you are in trouble. However, there is another clever twist to this...

Here is your test.  You mouse over a link and see this...


Is it OK?  I'm sure you guessed it isn't.  Here is what it should look like...


It may look like it reads “apple”; however, in the example above the "A" is actually a Cyrillic character. Yes, multiple alphabets are supported, making it almost impossible to distinguish!

Here is the list of browsers and their status on catching this:

  • Apple's Safari - OK
  • Microsoft's Edge - OK
  • Microsoft Internet Explorer - OK
  • Google Chrome - Fixed in release 58 on March 24th 2017
  • Mozilla Firefox - Not fixed yet, however the user can adjust a setting to identify this

How to fix this in Firefox: 

  • In your Firefox location bar, type ‘about:config’ without quotes.
  • Do a search for ‘punycode’ without quotes.
  • You should see a parameter titled: network.IDN_show_punycode
  • Change the value from false to true by double-clicking on the entry
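
What the punycode form exposes, as an added example that is not part of the original post: this Python sketch converts a link's hostname to the ASCII (punycode) form a browser shows when set to display punycode, and reports labels that mix alphabets. The function names and the sample links are assumptions made for illustration; the second sample is constructed with CYRILLIC SMALL LETTER A (U+0430) in place of the Latin "a".

```python
import unicodedata
from urllib.parse import urlsplit

def char_script(ch):
    """Rough script of a letter, taken from its Unicode name (LATIN, CYRILLIC, ...)."""
    if not ch.isalpha():
        return None                      # digits and '-' belong to no script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(url):
    """Return (hostname in punycode form, list of reasons it deserves a second look)."""
    host = urlsplit(url).hostname or ""
    ascii_labels, reasons = [], []
    for label in host.split("."):
        if label.startswith("xn--"):     # already punycode: decode it to inspect
            text = label[4:].encode("ascii").decode("punycode")
        else:
            text = label
        if text.isascii():               # ordinary label, nothing hidden
            ascii_labels.append(label)
            continue
        ascii_labels.append("xn--" + text.encode("punycode").decode("ascii"))
        scripts = sorted({s for s in map(char_script, text) if s})
        if len(scripts) > 1:
            reasons.append(f"label {text!r} mixes scripts: {', '.join(scripts)}")
        else:
            reasons.append(f"label {text!r} is non-ASCII ({', '.join(scripts)})")
    return ".".join(ascii_labels), reasons

# Constructed sample links; the second uses U+0430 instead of the Latin "a".
SAMPLES = [
    "https://kc.mcafee.com/",
    "https://www.\u0430pple.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        shown, reasons = inspect_host(url)
        print(f"{shown}: {'; '.join(reasons) if reasons else 'plain ASCII'}")
```

A plain ASCII misspelling such as kc.macfee.com passes this check untouched, so it still has to be caught by reading the hostname carefully.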


If you are a Managed Services Client of The Best Geeks and we support your computers then:

  • You have the Microsoft Update installed
  • The anti-virus/anti-malware program we are using has been verified to stop this malware.
  • Check the version of Chrome to make sure it is version 58 or above
  • Stop using Firefox until you apply the fix mentioned above

If you are not one of our clients and want to know more about how we can protect your small business, then email us at info@thebestgeeks.com or Contact Us.

Make sure you have the right kind of backup, one that can recover from a ransomware attack quickly, as in less than 2 hours. There are different types of backups, and it makes you wonder why the hospitals are taking so long to recover, doesn't it?

Stay safe out there!

Rus Bel
Founder/CEO of The Best Geeks