WannaCry Ransomware Causing Worldwide Damage

The IT systems of around 40 National Health System hospitals across the UK have been affected by a WannaCry ransomware attack. Non-emergency operations have been suspended and ambulances are being diverted as a result of the attack. Organizations outside healthcare around the world are also being affected, including FedEx Corp and Spanish telecommunications firm Telefonica, which reported 85% of its systems being down as a result of a cyber attack on Friday.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, called the attack “the biggest ransomware outbreak in history.” This is a ransomware weapon of mass destruction.

The strain is called “Wanna Decrypt0r”, and it demands $300 from victims to decrypt their computers. This monster has infected over 100,000 systems in more than 100 countries. The ransom starts at $300 for the first 6 hours, and you’ve got up to 3 days to pay before it doubles to $600. If you don’t pay within a week, the ransomware threatens to delete the files altogether.

According to CrowdStrike’s vice president of intelligence Adam Meyers, the initial spread of WannaCry ransomware is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a password-protected .zip file; the email uses social engineering to persuade the victim to unlock the attachment with a password, and once it is clicked, the WannaCry infection begins.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. “This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire,” CrowdStrike’s Meyers told Forbes. “It’s going through financials, energy companies, healthcare. It’s widespread.”

In the meantime, harden your systems by ensuring that all of them are fully patched with the “MS17-010” security update (link below), and remind all staff to Think Before They Click when they receive any out-of-the-ordinary emails.

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Microsoft has also released out-of-band patches for older versions of Windows to protect against Wana, because the original patch did not include Windows XP/Win8.

This information and content is from our friends at Knowbe4.