WannaCry Ransomware attack: In the United Kingdom, but also in many other European countries, a large-scale wave of ransomware attacks is under way, with cybercriminals demanding that hospitals, universities, telephone companies and other companies pay a ransom in bitcoins.
WannaCry: Among the various institutions affected is the British National Health Service (many computers in hospitals and medical buildings cannot be used), and the Spanish telecoms company Telefonica is also having big problems in its infrastructure.
It is interesting to note that, according to various security experts, a technique used in an NSA intrusion tool called EternalBlue / DoublePulsar has been exploited by a group of hackers called “Shadow Brokers”, who already attracted some attention in January when they broke into some NSA servers and stole the code of “federal malware”.
The ransomware in question is called Wanna Cry, but is also known as WCry. The mechanism is the usual one for this kind of malware: on Windows computers, the initial string WANACRY is added to the document names, the infected files are encrypted (the extension changes to .WNCRY) and only someone who knows the decryption password can access them.
To get this password you have to pay a big ransom, in whatever amount they want.
Microsoft released a patch in March this year, but obviously the affected systems are not up to date.
The malware can infiltrate PCs running Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2012 and R2, Windows 10, and Windows Server 2016 with the March update.
At the moment the ransomware has spread to many countries, in particular Russia, India and Taiwan.
Even if the main targets are companies, industries, infrastructure and hi-tech manufacturers, ordinary citizens could be harmed too.
What Microsoft suggests is to install all the latest updates, clean up your laptop and be careful when surfing the net!