Unify Blog

The ransomware cyber-attack “Wannacry”  (named  also “Wannadecrytor” or “WCRY” ) continues its propagation and has impacted several thousands of systems across the world.  Your Unify and Atos teams have been fully mobilized for the last 72 hours and will continue until the end of this crisis.

If you have a Managed Service contract, you will be contacted by your service team regarding any specific actions we are taking to safeguard your environment; however we also strongly recommend that all customers apply great diligence in assessing and patching their Windows landscape.

Any Unify product (or 3rd party product supplied by Unify) including clients, which is running on a Microsoft Windows desktop operating system, is potentially impacted as a result of the Windows environment being affected and corrective action may be necessary.

Below is a list of the main Windows server based products which may be impacted if those Windows systems have not been patched.  This list is not intended to be exhaustive and includes only products actively commercialized and supported (not phased-out):

  • OpenScape Contact Center and Extensions (OSCC-E)
  • OpenScape CAP server
  • HiPath DTB, BLF Win Server
  • OpenScape Deployment Service (DLS)
  • OpenScape User Mgmt, Fault Mgmt, QoS Mgmt, Accounting Mgmt
  • OpenScape Xpert System Manager and Turret
  • OpenScape Voice Trace Manager
  • OpenScape CDC
  • OpenScape Xpressions
  • OpenScape SESAP
  • OpenScape Enterprise Express (OSEE) with embedded DLS, Xpressions, and
  • OpenScape Contact Center (OSCC)

While applying the Microsoft patch “MS17-010” is the only reliable root-cause fix to also address morphed virus versions, we want to bring to your attention a potential additional measure referred to as a  “kill switch” that may limit further virus spreading.

As the kill switches right now works only in Internet, there is additional effort needed to enable this in your Intranet that needs your network team involvement, please see technical details below.

However, the switches can only stop new infections of the current version of the ransomware (infected systems stay infected). The main purpose of implementing it in your Intranet is to protect a system that is initially infected (e.g. May 12) and then switched off/hibernated during the weekend. When the system connects again to your network, it could lead to potential further spread, as the virus pattern update and detection on this system might need some time.

Should you have any questions, please contact your service team.

Best regards,

Jon Pritchard,

CEO, Unify

 

Kill-switch technical details:

Different versions of Wannacry virus establish a direct connection to the following URLs, before infecting and spreading: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com and  http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

This works in normal Internet environments (provided they have direct outside connection and standard DNS), but not in Intranets, as the virus does not use a proxy

Add in the DNS resolver in the Intranet entries for the DNS names www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com and www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Let this resolve to a local Intranet web server IP address (content does not matter, but the server needs to have http on port 80 and there needs to be a website on „/“)

Test if it works in your Intranet by disabling the proxy in the browser settings (IE, Chrome,…) and type: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com or www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com and if a website occurs, then it works.

 

 

Chief Executive Officer at Unify

Tagged with:
Posted in Channel Updates, Executive Blogs, Products, Unified Communications
7 comments on “Unify Statement on “Wanna cry” Ransomware
  1. Thanks for sharing this information, this is very much appreciated.

  2. Arne Belter says:

    The attack should not be underestimated

  3. S kumar says:

    This link has given very helpfull link to download patch for all windows OS

    http://www.knowinfonow.com/2017/05/handle-wannacry-ransomware-threat-computer-data.html

  4. Lisa Campbell says:

    It’s prime example that in the age of the digital workplace, an effective security strategy is critical.

  5. Minas Botsis says:

    I find it great that our CEO shows consern. Thank you!

  6. Jim Burke says:

    Thanks for the info we pass this on to our Customers

  7. You made a great site and you have The excellent material, I am very impressed with your site and also with your information. Thank you all for sharing the best stuff to us.

Leave a Reply

Your email address will not be published. Required fields are marked *

*