A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.
The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of their networks.
Spain’s computer response team CCN-CERT has also warned of a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.
The ransomware, also known as WannaCry, works by leveraging a Windows vulnerability that came to light last month when a cache of mysterious hacking tools was leaked on the internet.
The tools, which security researchers suspect came from the NSA, include an exploit codenamed EternalBlue that makes hijacking older Windows systems easy. It specifically targets the Server Message Block (SMB) protocol in Windows, which is used for file-sharing purposes.
Microsoft has already patched the vulnerability, but only for newer Windows systems. Older ones, such as Windows Server 2003, are no longer supported, but still widely used among businesses, according to security experts.
That may have painted a giant bullseye for hackers to target these systems. The developer of Wanna Decryptor appears to have added the suspected NSA hacking tools to the ransomware’s code, said Matthew Hickey, the director of security provider Hacker House, in an email.
Security firm Avast said it has detected the ransomware, largely attacking Russia, Ukraine, and Taiwan.
Another security research firm, MalwareTech, has created a page monitoring the attacks. They appear to have gone worldwide.
The Wanna Decryptor ransomware strikes by encrypting all the files on an infected PC, along with any other systems on the network the PC is attached to. It then demands a ransom of about $300 to $600 in bitcoin to release the files, threatening to delete them after a set period of days if the amount is not paid.
Security experts are urging organizations to patch vulnerable systems, upgrading to the latest versions of OSes, and making backups of any critical files.
Backup Backup Offline Backup.!
In the wake of the largest ransomware attack in the history that had already infected over 114,000 Windows systems worldwide since last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers.
Microsoft has just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions.
So, if your organization, for some reason, is still running on Windows XP or Vista, you are strongly advised to download and APPLY PATCH NOW!
7 Easy Steps to Protect Yourself
Currently, there is no WannaCry decryption tool or any other solution available, so users are strongly advised to follow prevention measures in order to protect themselves.
Keep your system Up-to-date: First of all, if you are using supported, but older versions of Windows operating system, keep your system up to date, or simply upgrade your system to Windows 10.
Using Unsupported Windows OS? If you are using unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft today.
Enable Firewall: Enable firewall, and if it is already there, modify your firewall configurations to block access to SMB ports over the network or the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
Disable SMB: Follow steps described by Microsoft to disable Server Message Block (SMB).
Keep your Antivirus software up-to-date: Virus definitions have already been updated to protect against this latest threat.
Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
Beware of Phishing: Always be suspicious of uninvited documents sent an email and never click on links inside those documents unless verifying the source.
Again… Backup Backup… Offline Backup
WannaCry Ransomware fears: Pirated software makes us more vulnerable.
Microsoft Security Bulletin MS17-010 – Critical https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Quick Heal Bot Removal Tool http://www.quickheal.co.in/bot-removal-tool
Kaspersky Anti-Ransomware Tool for Business https://kas.pr/ransomBIZ_IN