A massive ransomware attack dubbed “WannaCry” launched more than 200,000 attacks in countries across the globe Friday afternoon. The malware effectively locks down all of the files on the infected computers and demands monetary payment for the targeted users to regain access.
Kaspersky Lab, which has been recording the attacks that spread rapidly over the last ten hours, reports that those targeted have six hours to pay the ransom, with the amount increasing over time. Many of those affected paid the initial $300 immediately following the attack.
“WannaCry” is perhaps one of the broadest simultaneous attacks launched to date. It has reportedly affected large organizations such as Telefonica, FedEx and multiple companies in Russia, and caused chaos in the UK, where an attack on the NHS forced hospitals to halt operations.
If you see a screen like this, that’s WannaCry:
Most infections of this nature spread through email. The latest version of “WannaCry”, however, was able to infiltrate systems laterally through the networks of the breached organizations, although phishing most likely started the chain.
Additionally, the malware’s virulent spread can also be attributed to its use of two exploits, EternalBlue and DoublePulsar, both of which were developed by the National Security Agency (NSA). EternalBlue exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the Server Message Block (SMB) and NetBT protocols. The exploit was leaked online months ago and patched by Microsoft, but those affected seem not to have updated their software to install the fix.
Large organizations are going to be more affected by WannaCry than homes and small businesses. This is simply due to the size of corporate networks and how many neighboring PCs there are.
This doesn’t mean that home users are immune. The infection point can still occur from traditional methods such as malware clickbait.
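The lateral spread over SMB described above shows up on the network as one host opening SMB or NetBT sessions to many neighboring machines in a short time. The following Python example is added here and is not code from the original article; the flow-record format, the 60-second window and the five-peer threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

SMB_PORTS = {139, 445}          # NetBT session service and direct-hosted SMB
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct internal peers per window

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2017-05-12T14:00:00 10.0.0.40 10.0.0.5 445
2017-05-12T14:00:01 10.0.0.23 10.0.0.11 445
2017-05-12T14:00:02 10.0.0.23 10.0.0.12 445
2017-05-12T14:00:03 10.0.0.23 10.0.0.13 445
2017-05-12T14:00:04 10.0.0.23 10.0.0.14 139
2017-05-12T14:00:05 10.0.0.23 10.0.0.15 445
2017-05-12T14:00:06 10.0.0.23 10.0.0.16 445
2017-05-12T14:00:30 10.0.0.40 10.0.0.5 445
2017-05-12T14:00:31 10.0.0.40 93.184.216.34 443
2017-05-12T14:05:00 10.0.0.77 10.0.0.5 445
2017-05-12T14:10:00 10.0.0.77 10.0.0.6 445
2017-05-12T14:15:00 10.0.0.77 10.0.0.7 445
garbage line
"""

def parse(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed records."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            ip_address(src), ip_address(dst)  # validate both addresses
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def smb_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak count of distinct internal SMB peers within one window}."""
    recent = defaultdict(list)  # src -> [(ts, dst)] still inside the window
    flagged = {}
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if port not in SMB_PORTS or not ip_address(dst).is_private:
            continue  # only internal SMB/NetBT connections count as lateral
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        peers = len({d for _, d in recent[src]})
        if peers >= threshold:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged
```

A workstation that repeatedly talks to one file server stays under the threshold, while a host that reaches six neighbors in six seconds is flagged for isolation and triage.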
Attacks like this can easily be avoided, and the sheer scale demonstrates just how many organizations are not practicing good security controls and doing the basics. Oracle Dyn offers 24×7 automated, managed services that run these patches for you to keep you protected from ransomware attacks such as WannaCry and the WannaCrys of the future.
To protect your organization from WannaCry, install Microsoft patch MS17-010.