It started as a news flash from Britain that the National Health Service (NHS) computers may be under some form of attack. While the dust was settling in the UK, we started hearing of educational institutions in Italy coming under the same attack, and then came the same news from Russia. That’s when security companies started looking at this episode as some form of coordinated attack on European IT systems.
The attack was indeed a massive ransomware attack, which has now spread across the globe, affecting computer systems of both private and public institutions. Identified as WannaCry (aka ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’), it blocks a user’s access to their system and then demands money in order to grant the original user access to the computer. Users were asked to pay $300 in order to regain control of their systems.
But as some media organisations in the US are reporting, WannaCry attackers are exploiting a Windows vulnerability that may also have been used by the NSA to gain backdoor access to devices. Microsoft eventually issued a patch for this back in March, but it’s now clear that many organisations didn’t apply the patch, which left them open to attack.
The exploit penetrates computer systems running the unpatched versions of Windows XP on a 2008 R2 server and takes advantage of the flaws in the Windows SMB server. You can imagine the number of computers connected to such servers globally, and this answers the question of why so many devices were affected earlier today. It’s not difficult for other computers on the network to get affected if one is.
The fallout from this has been great. Russian security company Kaspersky now says the number of computers affected could be over 45,000 in 74 countries, including the US, Russia and the UK, where about 16 hospitals were practically shut down. In the US it is reported that about 1,600 organisations were affected, but this is small compared to 11,300 in Russia and 6,500 in China.
Bitcoin wallets associated with vulnerable computers started filling up with cash as well, and in Spain it is estimated that 85 percent of computers at Spanish telecom firm Telefonica were infected. The list goes on, but here’s how to protect yourself:
Public and private institutions should look for ways to patch the MS17-010 flaw. Then there is the old and priceless advice: don’t click on suspicious links and attachments online and in your email. Ensure your antivirus subscription is up to date to stay ahead of these threats, which evolve daily.