US-CERT has received multiple reports of WannaCry ransomware infections in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
The WannaCry ransomware exploits vulnerabilities in Server Message Block 1.0 (SMBv1). For information on how to mitigate this vulnerability, users and administrators are encouraged to review the US-CERT article on Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).