Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.
May 12, 2017
A massive global ransomware attack is underway and, according to researchers at Kaspersky, more than 45,000 systems worldwide have been hit with the malware. The malware, dubbed "WannaCry," hits systems running Microsoft Windows on which a patch released on March 14, 2017 has not been applied.
The researchers note that, while immediately applying the March 14 patch release is considered critical, the ransomware itself doesn't depend on the vulnerability to work. It's the ransomware transmission and remote installation, rather, that appears to rest on the EternalBlue exploit patched by Microsoft.
According to the National Health Service, by mid-afternoon UK time,16 NHS organizations had been hit with the attack, in some cases requiring emergency patients to be directed to other hospitals after infected computers were shut down.
Spain's Telefonica was also hit, with several sources indicating that the telecom firm had instructed employees facing a ransomware screen to simply shut down their computers and await further instructions.
An article on Forbes.com pointed out that the EternalBlue exploit was first described publicly in the Shadow Brokers release of NSA hacking tools. In general, the initial infection vector is a .ZIP attachment to a spam email, which, when opened, immediately infects the target computer. According to CN-CERT, the Spanish cyber emergency response team, vulnerable versions of Windows include:
Microsoft Windows Vista SP2
Windows Server 2008 SP2 y R2 SP1
Windows RT 8.1
Windows Server 2012 y R2
Windows Server 2016
Initial ransom demands were for US $300 in BitCoins, payable through a link on the announcement screen, though more recent infections seem to have increased the ransom demand to US $600 with the promise that the amount will continue to increase. Several security research teams report that they are working on decryption tools, but none are currently available.
As of this writing, most of the infected systems have been in Russia, with systems in Europe, Asia and Africa also infected. While North America is not free from infection, the numbers have so far been low. For all system administrators, it's highly recommended that the advice of Microsoft Security Bulletin MS17-010-Critical be followed immediately.
For up-to-the minute information on systems that are infected and the response by researchers and government officials, Twitter's WannaCry Ransomware filter feed is hard to beat.
Read more about:Europe
Curtis Franklin, Jr. has been writing about technologies and products in computing and networking since the early 1980s. He has contributed to a number of technology-industry publications including Dark Reading, InformationWeek Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, and ITWorld.com on subjects ranging from enterprise security to mobile enterprise computing and wireless networking. Curtis is the author of hundreds of articles, the co-author of three books (including Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center), and has been a frequent speaker at computer and networking industry conferences across North America and Europe. When not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in amateur radio (KG4GWA), scuba diving, stand-up paddleboarding, and is a certified Florida Master Naturalist.
You May Also Like
Rethinking AIOPs — It's All About the DataMar 12, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Fiddling with Fixed WirelessMar 21, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Cable and 5G: The Odd Couple?Apr 18, 2024
SCTE® LiveLearning for Professionals Webinar™ Series: Delivering the DAA DifferenceMay 16, 2024