It seems that the fallout from the WannaCrypt ransomware worm (also called WanaCrypt or Wcry, just to make things more confusing) is beginning to take shape. At the time of writing, at least 74 countries were affected and over 230,000 machines of all types (per MalwareTech) were infected. Infected, of course, means the machine has been encrypted and locked, and there is/was a countdown running to erase the contents of the computer.
It seems that no sector has been spared: the NHS, FedEx, parking machines and Deutsche Bahn (German Railways), to name a few, have been infected. It doesn’t seem to matter what the computer was used for, whether a home PC, a workstation in a business, a server or an embedded device; anything not patched was vulnerable. Teams have been working all weekend to try to eliminate the attack and restore systems. It remains to be seen how well they will do.
It seems that the bit that matters is how up to date the security patches were on the computer. Those with the most recent patches, from March 2017 onwards, were not affected. Microsoft made a statement to this effect last Friday.
Piecing together what is publicly known, it seems that the NSA’s hacking tools released earlier in the year and an existing ransomware toolkit were merged into this new threat. The infection spreads like a worm, so getting into a single network enables all vulnerable machines within that network to be targeted. The instigators of this outbreak were initially charging about $300 in Bitcoin but, as notoriety has spread, the ransom seems to have been increased to $600.
The use of an exploit in Windows that was well known (to the NSA) but was not notified to Microsoft has led to everyone being vulnerable to this and other attacks. The responsible course of action for anyone (including spy agencies) is to report flaws or vulnerabilities to the software developer. It is reprehensible to keep them a secret for their own exploitation and then to hope that nobody else finds the flaw. This is the current situation: the flaw was not patched for years, and now people, businesses and public services are suffering the consequences. As more of these tools are released in the future, more of this will be seen. At some point, the attackers will be interested in more than a little extortion.
The real question is what can be done going forward by the individual, the business and governments. We’ll consider them together, as mostly it is the same thing:
In summary, the current attack is ongoing and will be for some time, and this will lead to other, more effective attacks. The goal is to make money for the attackers. Some estimates put the payoff from this ransomware attack at around one billion dollars ($1,000,000,000). This all but guarantees that there will be copycat attacks. Keep your systems patched, spend a little time and money to keep them secure, and do not ever click on an attachment that you are not expecting. If the prompt comes up asking if you want to run this program, make sure you say no. Be safe, be secure.
DVANA have a clear leadership in security. Contact us today to see how we can secure your business and infrastructure from outside attack and what can be done when the inevitable happens.
There is a range of security-related products in the Security Center for your immediate download and use.