Massive ransomware attack hits over 70 countries, possibly derived from NSA tech

Computers all over the world are being locked down by a ransomware called Wannacry/Wanna/Wcry. Security researchers from companies like Avast and Kaspersky estimate as many as 57,000 computers have been affected.

Organizations across the world are suffering under the attack as universities, telecommunications and utility services, banks, and hospitals are affected. Most notably, the UK's NHS health service was also hit, leading to major disruptions in the service's ability to provide proper healthcare, with many surgeries and treatments being canceled for the time being.

Well over 70 countries including the UK, Turkey, France, Spain and the US are reporting cases of infection, with Russia being the most affected with over 70% of the infections occurring there.

The ransomware is targeting Windows devices using a vulnerability discovered by Microsoft earlier. The vulnerability was fixed by Microsoft back in March, however many systems have not yet been updated and are thus vulnerable to the attack.

Image Credit: Kaspersky Lab

Upon being locked down, the computer will display a message asking for $300 in Bitcoin to unlock the encrypted files, a sum which should be paid by May 15, with an even higher amount to be paid for an extended deadline of May 19. The prompt is available in over a dozen languages, signifying the attackers' intent and confidence in the attack's success worldwide. Indeed, according to some reports, the Bitcoin wallets shown in the ransom prompt are already receiving payments from users eager to have their files decrypted.

The origins of the ransomware are still unknown, with multiple security companies working on piecing together the information. What is currently known, however, is that the program is a worm, which makes it particularly dangerous given its ability to replicate across computers without any input from the user.

Moreover, researchers at Malwarebytes have confirmed that the attack uses hacking tools that were previously used by the NSA to take remote control of Windows machines, speaking to the potency of the software. EternalBlue, as the vulnerability is called, was published as part of a number of exploits by a hacker collective known as The Shadow Brokers back in April, exploits they claimed to have stolen from the NSA.

Users that are not yet affected should immediately obtain the official fix from Microsoft using this link, and be wary of any emails asking them to click on links or open attachments from unknown users.

Via: Ars Technica

Report a problem with article
Previous Story

Rainbow Six Siege's next season delayed to dedicate developer time on game improvements

Next Story

Google is updating its web app review process to protect users from further phishing attacks

65 Comments - Add comment

Advertisement