
Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries.

Details:

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the EternalBlue vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance. Now we see exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Update 3: Microsoft has issued a statement confirming the status of the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom: Win32/WannaCrypt.

In March, we provided a security update which provides additional protections against this potential attack.

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update 2: Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours, with the number of victims still growing. Avast said that over 57,000 attacks have been detected worldwide, adding that it “quickly escalated into a massive spreading.”
