It's been weeks since a hacker group named Shadow Brokers dumped a set of tools believed to belong to the U.S. National Security Agency. Now, it appears the group is using one leaked tool, a Microsoft Windows exploit called EternalBlue, to spread a ransomware variant called WannaCry across the globe. The worm also goes by the name WannaCrypt or Wanna Decryptor.
Ransomware WannaCry Hits UK Hospitals And Beyond
WannaCry hit hospitals in the UK in particular, with reported closures of entire wards, patients being turned away, and National Health Service staff being told to go home. WannaCry has clobbered Britain's public health system, with doctors unable to access patient files and those seeking urgent care being denied service.
Beyond the UK, WannaCry also hit at least dozens of countries, according to the New York Times. FedEx, for instance, was among those affected in the United States. Kaspersky Lab said it had recorded at least 45,000 ransomware attacks in as many as 74 countries. Among those affected, Russia appears to be the worst hit.
The attacks are similar to the hack that occurred in October, in which dozens of websites, among them Twitter, PayPal, and Spotify, were taken down by way of internet-of-things devices.
What You Need To Know About WannaCry Ransomware
Upon learning of EternalBlue's origin, Microsoft promptly released a patch in March to suture the vulnerability, but now it appears hackers took advantage of targets — such as hospitals — that had yet to update their systems.
WannaCry was distributed via email. Shadow Brokers sent an encrypted, compressed file that, once accessed and loaded, allowed the ransomware to penetrate the targets. Among the many targets were hospitals and telecommunication companies spanning Europe and Asia. That's according to MalwareHunterTeam, which tracks ransomware attacks.
The extent of the attacks could include much more than just hospitals and telecommunication companies, however, since MalwareHunterTeam only tracks attacks that targets have reported. The computers appear to be hit with the same email demanding $300 to access their data. Otherwise, their computers were rendered fundamentally defunct.
The most pressing aspect of WannaCry is its worm-like EternalBlue exploit. The ransomware is being likened to a weapon of mass destruction, since once it penetrates a system, it immediately spreads like wildfire. What's more, the attacks are particularly malignant. In the past, similar DDoS attacks that caused significant disruptions were presented more as a message, a sampling of what hackers can do if certain targets don't beef up their security. With WannaCry, the hacker group seems to want only to do harm to a range of industries, among them healthcare, financial institutions, and energy companies.
What You Should Do
Reuters reports a statement from Microsoft indicating that its engineers have added detection and protection measures against the "Ransom:Win32.WannaCrypt" malware. Make sure that your antivirus program or Windows Defender is updated before accessing corporate networks that WannaCry might have affected.
As always, be cautious of emails from senders you don't personally know. If it's a suspect email containing a job offer, a document, or fake invoices, don't click it.