Thursday, March 28, 2024

Massive worldwide ransomware attack hits more than 75,000 victims, and climbing

Share

Why it matters to you

Make sure your Windows PCs are up to date on the latest security patches, because this latest ransomware attack is serious.

Today, cybersecurity firm Avast reported on a massive ransomware attack that has hit more than 75,000 victims in 99 countries. While most of the targets were located in Russia, Ukraine, and Taiwan, other victims have been identified in Europe.

Most notably, Spanish telecommunications company Telefonia was a victim, as were hospitals across the United Kingdom. According to The Guardian, the U.K. attacks hit at least 16 National Health System (NHS) facilities and directly compromised the information technology (IT) systems that are used to ensure patient safety.


Avast

The WanaCryptOR, or WCry, ransomware is based on a vulnerability that was identified in the Windows Server Message Block protocol and was patched in Microsoft’s March 2017 Patch Tuesday security updates, reports Kaspersky Labs. The first version of WCry was identified in February and has since been translated to 28 different languages.

Avast further speculates that the underlying exploit seems to have been stolen from the Equation Group, which has been suspected of being tied to the NSA, by a hacker group calling themselves ShadowBrokers. The exploit is known as ETERNALBLUE and named MS17-010 by Microsoft.

When the malware strikes, it changes the name of affected files to include a “.WNCRY” extension and adds a “WANACRY!” marker at the beginning of each file. It also places its ransom note into a text file on the victim’s machine:


Avast

Then, the ransomware displays its ransom message that demands between $300 and $600 in bitcoin currency, and provides instructions on how to pay and then recover the encrypted files. The language in the ransom instructions is curiously casual and seems similar to what one might read in an offer to purchase a product online. In fact, users have three days to pay before the ransom is doubled and seven days to pay before the files will no longer be recoverable.


Avast

Ransomware is one of the worst kinds of malware, in that it attacks our information and locks it away behind strong encryption unless we pay money to the attacker in return for a key to unlock it. There’s something personal about ransomware that makes it different from random malware attacks that turn our PCs into faceless bots.

The single best way to protect against WCry is to make sure that your Windows PC is fully patched with the latest updates. If you have been following Microsoft’s Patch Tuesday schedule, then your machines should already be protected. It is the thousands of machine that have not yet been patched that are suffering from this particular widespread attack.




Read more

More News