Has Office 365 been updated to protect against WannaCry?


Hello:

 

Can anyone confirm that Exchange Online has been updated to protect Office 365 users against WannaCry (aka WanaCrypt0r)?

5 Replies

Depends on what you understand by "updated". The attack does not directly affect the service, but Microsoft has taken steps to prevent further spreading by pushing stricter EOP settings. As is usually the case, the attack targets outdated/unpatched versions of Windows; you can get more details from the relevant teams at MS:

 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-s...

@Vasil Michev Hi, how can we delete emails with these malware links from quarantine?

Does the Advanced Threat Protection of Exchange Office 365 detect these links?

Malware does not go to the quarantine. Plus, there are features such as ZAP that can remove messages from users' mailboxes even after they are received: https://support.office.com/en-us/article/Zero-hour-auto-purge-protection-against-spam-and-malware-96...

 

Lastly, you can always do a manual Purge operation, but for that you need to know the criteria to identify those suspicious messages (a subject for example).
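As an added illustration of the manual purge mentioned in the reply above (not part of any reply in this thread), the sketch below searches all mailboxes for a known subject, reports the match count, and only then soft-deletes. It assumes an already connected Security & Compliance PowerShell session with search-and-purge permissions; the search name, subject, date, and item threshold are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes a connected Security & Compliance
# PowerShell session and a role that permits compliance search and purge.
$searchName = 'Purge-SuspiciousMail-Example'     # hypothetical search name
$subject    = 'SUSPICIOUS SUBJECT PLACEHOLDER'   # placeholder: the criterion you identified
$maxItems   = 500                                # assumed sanity limit before purging

# KQL query: exact subject phrase, limited to a constructed received date
$query = "subject:`"$subject`" AND received>=2017-05-12"

New-ComplianceSearch -Name $searchName -ExchangeLocation All `
    -ContentMatchQuery $query | Out-Null
Start-ComplianceSearch -Identity $searchName

# Poll until the search has finished
do {
    Start-Sleep -Seconds 15
    $search = Get-ComplianceSearch -Identity $searchName
} while ($search.Status -ne 'Completed')

Write-Host ("{0} item(s) matched query: {1}" -f $search.Items, $query)

# Purge only when the result set is non-empty and plausibly scoped;
# an unexpectedly large count usually means the criterion is too broad.
if ($search.Items -gt 0 -and $search.Items -le $maxItems) {
    # SoftDelete moves messages to Recoverable Items, so a mistake can be undone
    New-ComplianceSearchAction -SearchName $searchName -Purge -PurgeType SoftDelete
} else {
    Write-Warning "Not purging: $($search.Items) item(s) matched. Review the query first."
}
```

The purge action prompts for confirmation by default, which leaves one more chance to check the match count before anything is removed.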

A simple query to the team: is there any incident reported of a WannaCry attack that happened through email?

If yes, what is the pattern of the email?

This will help us more in sending communication to users with the exact way the attacker framed the email.

 

Regards,

Manjunatha Gowda

 

WannaCry probably didn't arrive via email, that's what the latest reports are saying:

 

"SophosLabs has determined that this probably didn’t start the way a typical ransomware attack does, as a phishing email carrying a malicious attachment or link the user is tricked into opening."

 

The article provides more technical details about how WannaCry spreads via the SMB flaw. Further details are likely to emerge in the coming days.

 

By the way, I wrote up some notes on preventing ransomware attacks, more aimed at what organisations could do better with procedures etc.