Government Contracting

Last Friday, May 12, 2017, a world-wide ransomware attack was launched using the WannaCrypt, a.k.a, WannaCry, ransomware program in “phishing” emails and through the EternalBlue network software exploit to infect Microsoft Windows systems.  Specifically, the attack is designed to take advantage of a vulnerability in the Microsoft Windows operating system that was identified earlier this year and for which Microsoft issued a “critical” patch on March 14, 2017 for systems running Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016 (see, Microsoft Security Bulletin MS17-010). 

Ransomware programs such as these usually work by sending an email with a link or attachment that the recipient clicks on to open and which results in an immediate encryption of all files and lock down of the computer and a demand for payment to unlock it or the threat of having all of the files on the computer permanently deleted.  Although it has not been definitively determined to date, it is also believed that the WannaCrypt/WannaCry ransomware program can also be spread through connections between unpatched computer systems.

Microsoft has issued patches for Windows operating systems that are no longer regularly supported (i.e., Windows XP, Windows 8, and Windows Server 2003). If you are unable to reach the site due to high traffic volume, visit the Microsoft Update Catalog.  

If you have not installed the patches, Microsoft is strongly recommending that you install the appropriate patch immediately.  Also, if you do not have an anti-virus program installed, it is a good idea to do so as soon as possible to thwart future attacks.  Programs that receive regular definitions from Microsoft and other software developers with information to scan and protect your computer from harmful attacks, are particularly effective in preventing and identifying future attacks. 

This alert was written by David R. Schaffer, a principal in the Intellectual Property & Technology practice group at Miles & Stockbridge.

Any opinions expressed and any legal positions asserted in the article are those of the author(s) and do not necessarily reflect the opinions or positions of Miles & Stockbridge P.C. or its other lawyers. This article is for general information purposes and is not intended to be and should not be taken as legal advice on any particular matter. It is not intended to and does not create any attorney-client relationship. Because legal advice must vary with individual circumstances, do not act or refrain from acting on the basis of this article without consulting professional legal counsel. If you would like additional information on the subject matter of this article, please feel free to contact any of the lawyers listed above. If you communicate with us, whether through email or other means, your communication does not establish an attorney-client relationship with either Miles & Stockbridge P.C. or any of the firm's lawyers. At Miles & Stockbridge P.C., an attorney-client relationship can be formed only by personal contact with an individual lawyer, not by email, and requires our agreement to act as your legal counsel together with your execution of a written engagement agreement with Miles & Stockbridge P.C.