Security specialists around the world are still trying to track down the entry point of the WannaCry ransomware outbreak.
What we do know is that WannaCry appears to be a worm, meaning that it spreads quickly and indiscriminately through open network ports after finding its way onto a computer.
Nobody has been able to confirm with certainty where WannaCry originated, or whether its initial distribution was via email. MailGuard is still investigating, along with security researchers around the world.
Following some online speculation on Saturday morning (AEST), MailGuard identified and provided screenshots of a batch of recent ransomware emails (which our filters blocked on Thursday night and Friday morning). These carried all the hallmarks of WannaCry.
We’ve since discovered that this was in fact the malware variant Jaff, which shares many characteristics with the WannaCry malware. We apologise for the initial confusion.
Jaff is also a rapidly spreading form of malware – some reports indicate it was spreading at a rate of 5 million emails per hour at its peak.
Information from the MailGuard tech team on the current status of WannaCry in Australia
“MailGuard has not seen or had reported a single infection via emails delivered via our network. We have confidence we will not see this malware variant affect customers via emails protected by MailGuard.
“In accordance with security best practice, please ensure your antivirus protection (endpoint) and your organisation’s operating systems, in particular Windows, are updated to the latest available security patches to ensure that you do not get infected via other mediums.”
Advice from the Australian Cyber Security Centre on WannaCry and other ransomware