We have a high alert for everyone.
A Massive Ransomware Attack has been underway and has affected 99 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.
Reports also show 75,000+ cases already.
“This is huge”
said Jakub Kroustek at Avast.
This massive cyber-attack is using tools believed to have been developed by the US National Security Agency.
Computers in thousands of locations have been locked by a programme that demands $300USD (£230) in Bitcoin.
In April, hackers known as The Shadow Brokers claimed to have stolen the tools and released them online.
Microsoft released a patch for the vulnerability in March, but many systems may not have been updated.
The Ransomware is called “WannaCrypt0r/WannaCry“.
Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies.
Who has been Affected?
The UK’s National Health Service (NHS) has been hit and screenshots of the WannaCry program were shared by NHS staff.
Hospitals and doctors’ surgeries were forced to turn away patients and cancel appointments. One NHS worker told the BBC that patients would “almost certainly suffer” as a result.
Some reports said Russia had seen more infections than any other single country. Russia’s interior ministry said it had “localised the virus” following an “attack on personal computers using Windows operating system”.
People tweeted photos of affected computers:
Just got to Frankfurt and took a picture of this… #Sbahn, you got a #Ransomware! pic.twitter.com/w0DODySL0p
— Marco (@AvasMarco) May 12, 2017
A ransomware spreading in the lab at the university pic.twitter.com/8dROVXXkQv
— ? (@dodicin) May 12, 2017
A number of Spanish firms – including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural – suffered from the outbreak. There were reports that staff at the firms were told to turn off their computers.
Portugal Telecom, delivery company FedEx, a Swedish local authority and Megafon, the second largest mobile phone network in Russia, also said they had been affected.
Who is behind it?
Some experts say the attack may be have been built to exploit a weakness in Microsoft systems that was identified by the NSA and given the name EternalBlue.
The NSA tools were then stolen by a group of hackers known as The Shadow Brokers, who then attempted to sell the encrypted cache in an online auction.
However they subsequently made the tools freely available, releasing a password for the encryption on April 8.
The hackers said they had published the password as a “protest” about US President Donald Trump.
At the time, some cyber-security experts said some of the malware was real, but old.
A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.
Microsoft said on Friday “its engineers had added detection and protection against WannaCrypt.” The company was “providing assistance to customers,” they added.
UPDATE: A Hacktivist Group named “SpamTech” have made claims to the WannaCry Ransomware:
https://twitter.com/0xSpamTech/status/863058605473509378 (Tweet Deleted)
When asked for proof, they have not responded as of yet. The interesting part about the language is the fact it says “we have taken over NHS…” rather anything related to making money or causing a huge issue.
We shall keep you posted.
What is Ransomware?
Ransomware is a kind of malicious script or software that installs itself on your computer without your knowledge.
Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer.
Usually, as in this current WannaCry exploit, it will alert you to the lockdown with an impossible-to-ignore pop-up screen which informs you that your computer is being held for ransom. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must purchase an unlock tool or decryption key from the hacker.
What do you do? Am I Protected?
According to Microsoft, a fix for this vulnerability was released on March 14th for all affected versions of Windows.
If you are running Windows and have automatic updates enabled you should be ok.
If you don’t and haven’t updated recently you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP or Vista, did not receive this security update. Those systems should either be isolated or shut down.
Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.
It is also important to keep your Anti-Virus up-to-date. We recommend Norton Security Premium by Symantec.
