Recently, the internet faced a massive attack which is believed to be the most massive ransom-ware delivery campaign to date. The ransom-ware campaign hit computer systems of hundreds of private companies and public organizations across the globe.
Also known as ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’, the Ransom-ware in question has been identified as a variant of ransom-ware WannaCry. Similar to other nasty ransom-ware variants, WannaCryblocks access to a computer or its files and demands money to unlock it.
After infecting the system, the ransom-ware demands the victims to pay up to $300 in order to remove the infection from their PCs. Not paying the ransom renders their PCs unusable, and files locked.
Using NSA’s Exploit to Spread Rapidly
The most interesting fact about this ransom-ware is that WannaCry attackers are leveraging a Windows exploit called Eternal Blue harvested from the NSA and dumped by Shadow Brokers hacking group over a month ago.
In response to the act by the Shadow Brokers hacking group, Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks.
The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. And this is one of the reasons for spreading of WannaCry campaign at such an alarming rate.
Simply put, once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.
Infections from All Around the World
According to Kaspersky Labs, the campaign targeted over 45,000 computers in 74 countries, including United States, Russia, Germany, Turkey, Italy, Philippines, and Vietnam only over the first few hours and the number was still growing,
According to a report, the ransom-ware attack has shut down work at 16 hospitals across the UK after doctors got blocked from accessing patient files. Another report says, 85% of computers at the Spanish telecom firm, Telefonica, has get infected with this malware.
Malware Tech, another independent security researcher reported that a large number of U.S. organizations (at least 1,600) have been hit by WannaCry, compared to 11,200 in Russia and 6,500 in China.
Bitcoin wallets seemingly associated with WannaCry were reportedly started filling up with cash.
According to BBC, “Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.,”
Protect Yourself from WannaCry
The most important thing to do is to patch your Windows machines and servers against Eternal Blue exploit (MS17-010) if you have not done it yet.
In order to safeguard against such ransomware infection, you should always be suspicious of uninvited documents sent an email and should never click on links inside those documents unless verifying the source.
To maintain a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
And always a make sure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely.