Since Friday, IT security incidents with severe impact have been reported worldwide, triggered by the ransomware "WannaCry". German companies are also affected. Infection can occur via an email with a compressed file attachment. Antivirus filters on mail servers usually do not filter out the malware. Once a system in a network is infected, the malware uses a vulnerability in Microsoft Windows to spread further in the network without the user having to do anything.
By chance, a way was found to contain the spread of the malware for the time being by registering a domain that functions as a kind of "killswitch". To benefit from this, it is essential that the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is accessible and that traffic to it is not filtered by a proxy or virus protection software.
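The reachability requirement above can be verified from an endpoint with a check like the following. This is an added example, not part of the advisory; the probe on TCP port 80, the function name and the status names are assumptions.

```python
import ipaddress
import socket

# Kill-switch domain exactly as given in the advisory.
KILLSWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"


def check_killswitch(domain=KILLSWITCH, port=80, timeout=5.0,
                     resolve=socket.getaddrinfo,
                     connect=socket.create_connection):
    """Classify direct (no proxy) reachability of the domain from this host.

    Returns (status, detail); status is one of:
      "reachable"   - name resolves and a direct TCP connection succeeds
      "dns_failed"  - name does not resolve (e.g. blocked by a DNS filter)
      "dns_blocked" - name resolves only to loopback/unspecified addresses
      "tcp_blocked" - name resolves but no direct connection can be made
    Port 80 is an assumption of this example. resolve/connect are
    injectable so the logic can be tested offline.
    """
    try:
        infos = resolve(domain, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        return ("dns_failed", str(exc))
    addrs = sorted({info[4][0] for info in infos})
    # Answers such as 0.0.0.0 or 127.0.0.1 indicate a local DNS block.
    routable = [a for a in addrs
                if not (ipaddress.ip_address(a).is_loopback
                        or ipaddress.ip_address(a).is_unspecified)]
    if not routable:
        return ("dns_blocked", ", ".join(addrs))
    last_error = "no address tried"
    for addr in routable:
        try:
            sock = connect((addr, port), timeout)
        except OSError as exc:
            last_error = f"{addr}: {exc}"
        else:
            sock.close()
            return ("reachable", addr)
    return ("tcp_blocked", last_error)


if __name__ == "__main__":
    status, detail = check_killswitch()
    print(f"{KILLSWITCH}: {status} ({detail})")
```

Any status other than "reachable" means the filtering described above is in effect for this host.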
However, new variants have already been spotted in which this "killswitch" has no effect. Therefore, the most important countermeasure is to install the Microsoft security update MS17-010 on all devices with a Windows operating system as soon as possible. Microsoft has also released updates for older versions of Windows, including Windows XP.
The BSI has summarized general information and recommendations for action to protect against ransomware in a dossier that can be downloaded from the BSI website. The BSI provides businesses and public authorities with information and recommendations for action via the established channels CERT-Bund, UP KRITIS and Allianz für Cyber-Sicherheit.
Update 2017-05-18
US-CERT has published a fact sheet on WannaCry.