WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting Microsoft Windows. On Friday, 12 May 2017, a large cyber-attack was launched, infecting over 230,000 computers in 150 countries.  The WannaCry ransomeware exploits the Microsoft vulnerability MS17-010 [https://technet.microsoft.com/en-us/library/security/ms17-010.aspx] to infect unpatched Windows-based computers.  The infection exploits Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft released a "Critical" advisory, along with an update patch to plug the vulnerability on 14 March 2017.  This patch fixed several workstation versions of the Microsoft Windows operating system including Windows Vista and Windows 8 as well as server versions such as Windows Server 2008, but not the older Windows XP, according to Microsoft.


While the initial outbreak was suspected to originate from a Spear Phishing attack, the threat expanded by exploiting the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same Local Area Network (LAN).


ServiceNow Response:


ServiceNow does not use Windows-based computers in its production environment.  As such, there is no direct threat to customer data hosted within ServiceNow’s subscription service.  Nevertheless, ServiceNow has implemented IDS signatures, SPAM filters, and Firewall rules to prevent, monitor and detect for signs of WannaCry-related activities.



For More, KB article: KB0549426