Updated WannaCry Indicators

Thursday, May 18, 2017 @ 11:05 AM gHale


Indicators associated with the WannaCry ransomware were released to raise awareness in the ICS community and to identify affected ICS and medical device vendors that have contacted ICS-CERT to report their vendor-issued recommendations for mitigating the risk associated with the WannaCry ransomware, according to a report from ICS-CERT.

WannaCry ransomware hit over 200,000 computers, from the manufacturing to medical industries, in at least 174 countries starting Friday and through the beginning of this week. The malicious code relied on victims opening a zip file emailed to them, and from there the ransomware package used a patched flaw in the Microsoft operating system software to proliferate. Microsoft released the patch for the vulnerability in March, but as with most patches, especially in the manufacturing automation sector, patching is infrequent, takes time to validate, or does not happen at all.

The following ICS and medical device vendors reported they support products that use Microsoft Windows and have proactively issued customer notifications with recommendations for users:

Rockwell Automation

Becton, Dickinson and Company (BD)

Schneider Electric

ABB

Siemens (multiple links: Siemens 1 through Siemens 11)

GE

Philips

Smiths Medical

Johnson & Johnson

Medtronic

Tridium

Emerson Automation Solutions

Honeywell

In an effort to support critical infrastructure asset owners/operators, ICS-CERT published a fact sheet, "What is WannaCry/WanaCrypt?".

To assist healthcare providers with mitigation efforts, ICS-CERT offers the following information regarding the patch management of medical devices, which comes directly from the FDA Fact Sheet — FDA’s Role in Medical Device Cybersecurity:

• Medical device manufacturers can always update a medical device for cybersecurity. In fact, the FDA does not typically need to review changes made to medical devices solely to strengthen cybersecurity.
• The FDA recognizes that Healthcare Delivery Organizations (HDOs) are responsible for implementing devices on their networks and may need to patch or change devices and/or supporting infrastructure to reduce security risks. Recognizing that changes require risk assessment, the FDA recommends working closely with medical device manufacturers to communicate changes that are necessary.

The FDA provided recommendations to protect healthcare systems in their Cybersecurity for Medical Devices and Hospital Networks: FDA Safety Communication. The FDA recommends healthcare providers consider taking the following steps:
• Restricting unauthorized access to the network and networked medical devices.
• Making certain appropriate antivirus software and firewalls are up-to-date.
• Monitoring network activity for unauthorized use.
• Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services.
• Developing and evaluating strategies to maintain critical functionality during adverse conditions.

ICS-CERT reminded organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download.


