WannaCry is a self-replicating ransomware program that targets the Windows operating system. It works by encrypting entire drives and deleting backups before moving on to the next device. It has been called the biggest ransomware outbreak in history.
WannaCry is based on one of the many NSA exploits that were leaked by “The Shadow Brokers” in April 2017.
WannaCry (also known as Wana Decryptor) infects systems through a malicious program that first tries to connect to an unregistered web domain. When the malware cannot connect to the domain, it will go on to override the operating system. A successful connection halts the attack.
WannaCry has proven itself to be the most potent ransomware ever released since its introduction into the wild on Friday 12 May 2017. It has taken down Europe's largest employer, the National Health Service (NHS). Dozens of British hospitals were forced to close wards, delay vital medical procedures and turn away patients as a result of its spread.
From the UK the virus rapidly spread to other public sector facilities and offices around the world, with German public transport systems found to have been affected.
At the time of writing WannaCry had infected more than 200,000 computers in over 150 countries.
Some of the world's largest corporations have been exposed for having inadequate security measures in the process. Giants of industry such as FedEx and Spain's Telefonica have been found wanting as a result of the malware, which demands a $300 payment in the form of bitcoin to restore user control of computer files. So far the sum of 20.9 BTC ($37,000) has made its way to bitcoin wallets controlled by the hackers. The amount of havoc caused has not been matched by material rewards.
The ransomware has been so successful that the hackers themselves have found that they are unable to keep up with the flurry of activity. Their website is unable to process the large number of ransom bitcoin payments.
The mass infection has highlighted how prevalent Windows XP use continues to be, despite the operating system being outdated, as well as how infrequently systems are patched within large organizations such as Britain's NHS.
The spread of WannaCry compelled Microsoft to make security patches available for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.
As per the advice from Britain's National Cyber Security Centre, readers should:
- Run Windows Update
- Ensure your antivirus product is up to date, run a scan – if you don’t have one install one of the free trial versions from a reputable vendor
- If you have not done so before, this is a good time to think about backing important data up – you can’t be held to ransom if you’ve got the data somewhere else.
Readers are advised to be vigilant as a second round of attacks may be on the horizon. Reports suggest that a modified version of WannaCry has already been released without the ‘kill switch’. Keep your operating system and all applications up to date.
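
The kill-switch check described earlier leaves a trace defenders can use: any host that looked up the kill-switch domain ran the malware's first step. The sketch below is an added example, not code from the original article; it triages resolver logs on that basis and treats a failed lookup as a connection that could not have succeeded. The domain is a placeholder (the article does not name it), and the log format and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder: the page does not name the kill-switch domain. Substitute the
# value from your own threat-intelligence source.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample in a hypothetical resolver log format:
# <timestamp> <client-ip> <queried-name> <response-code>
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 update.example.org NOERROR
2017-05-12T16:40:31Z 10.0.7.9 KillSwitch-Placeholder.example. NOERROR
2017-05-12T16:41:00Z 10.0.4.17 killswitch-placeholder.example NOERROR
resolver restarted
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a priority.

    Any lookup means the malware's first step ran on that host.
    'isolate-first': at least one lookup failed, so the connection could not
    succeed and the attack was not halted.
    'investigate': every lookup resolved, so the check may have halted it.
    """
    rcodes_by_client = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not in the expected format
        _ts, client, qname, rcode = match.groups()
        if normalise(qname) == normalise(domain):
            rcodes_by_client[client].append(rcode.upper())
    return {
        client: "investigate" if all(r == "NOERROR" for r in rcodes)
        else "isolate-first"
        for client, rcodes in rcodes_by_client.items()
    }

if __name__ == "__main__":
    for host, priority in sorted(triage(SAMPLE_LOG).items()):
        print(host, priority)
```

A host that never appears in the output is not thereby cleared: as noted above, a modified version without the kill switch would make no such lookup.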