- Posted by:
On May 19, 2017, 3:54 a.m.
There is a serious malware cyber threat called “WannaCry” that is impacting many organizations worldwide. This type of threat is known as ransomware. It will encrypt the files on your end-points running Microsoft operating system software, rendering them inaccessible. ATMs are at risk of this attack. Additionally, this malware attempts to infect other end-points on the same network. Manufacturers have taken steps to respond to this threat.
There have been unconfirmed media reports that ATMs in India have experienced this attack.Who is at risk? Customers running any Windows OS who have not applied the Microsoft security patch MS17-010. For Windows 7 customers. Security updates for the range of Windows OS are available at: http://www.catalog.update.microsoft.com/search.aspx?q=4012598
Additionally, customers install MS17-010 at their next monthly patch deployment, after testing in their lab, as per PCI guidance.
Customers using an alternative anti-malware solution should contact their anti-malware vendor for guidance and also deploy the Microsoft security patch after testing in their lab.
Customers who are not using any anti-malware solution must install the Microsoft patch immediately. The patch should be tested in a lab environment prior to deploying to a live ATM. Deploying the Microsoft Security Patch: All Windows XP SP3 and Windows 7 SP1 ATMs should install the patch for MS17-010 as soon as possible.
Windows 7 SP1 ATMs
Patch can be obtained from the link below as part of March 2017 Security convenience roll up
Windows XP SP3 ATMs
Microsoft have made the patch for the vulnerability causing the WannaCry ransomware infections available on Windows XP. The XP SP3 patch is available at:
The MS Security patch for other Windows OS are available at:
http://www.catalog.update.microsoft.com/search.aspx?q=4012598 Guidance if end-point is infected: If any ATMs are infected/locked with the ransomware, then every other ATM and end-point on the same network must be checked for infection as well. Once the malware infects one end-point on the network it will replicate itself to other vulnerable systems.
The only way to recover an infected and encrypted ATM is to reimage from scratch. There is NO other option. Ensure that the patch is installed as part of the reinstall.
For more help talk to a LNX expert today!
Share on LinkedIn
Share on Facebook