
Ransomware based on leaked NSA tools spreads to dozens of countries in the last 24 hours

WannaCry Ransomware That's Hitting World Right Now

A ransomware attack seemingly based on leaked NSA hacking tools is spreading like wildfire among unpatched Windows systems worldwide. Early reports suggested it was targeted at the UK’s National Health Service, but it’s clear now that the attack is a global one, with thousands of computers apparently affected in Russia alone.

A Kaspersky Lab analysis puts the number of infected computers at more than 45,000 as of early Friday afternoon, the vast majority of which are Russian (Ukraine, India, Taiwan and the Philippines follow). The ransomware’s code makes it pretty clear that it’s taking advantage of an exploit called EternalBlue, published in April by the Shadow Brokers but patched preemptively by Microsoft in March.

If everyone just kept their boxes up to date we wouldn’t have the current viral conflagration, of course, but as usual that’s too much to ask.

A bitcoin wallet reportedly used by the ransomers shows numerous incoming transactions of between 0.15 and 0.3 BTC, worth around $250-$500 today, so at least a few of those infected have opted to pay rather than attempt to extricate their data safely or do a full wipe and rollback.

Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems (especially pirated ones) are open to attacks.

On Good Friday, the Shadow Brokers released a massive trove of Windows hacking tools allegedly stolen from the NSA that work against almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and their server-side variants such as Server 2000, 2003, 2008, 2008 R2 and 2012, except Windows 10 and Windows Server 2016.

The exploit can penetrate machines running unpatched versions of Windows XP through 2008 R2 by exploiting flaws in the Microsoft Windows SMB Server. This is why the WannaCry campaign is spreading at an astonishing pace.

Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well. I suggest unplugging the infected computer from the LAN so it won't spread to other computers on the network.

In addition, some say they cracked the malware with the password "WNcry@2o17". If you encounter this ransomware, try the crack password for WannaCry, "WNcry@2o17", without the quotes.
