A massive ransomware attack disrupted Britain’s health system and infected computers in nearly 100 countries on Friday, leveraging a hacking tool widely believed by researchers to have been developed by the US National Security Agency.
The hackers’ weapon of choice was Wanna Decryptor, a new variant of the WannaCry ransomware, which encrypts victims’ data, locks them out of their systems and demands ransoms. The ransomware spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March. But computers and networks that had not applied the update were still at risk.
In the wake of the attack, Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
According to cybersecurity firm Avast, there were more than 75,000 ransomware attacks in 99 countries, which is believed to be the most massive ransomware delivery campaign to date. Avast also noted that the ransomware is mainly targeting Russia, Ukraine and Taiwan, but it has successfully infected major institutions, such as hospitals across England and the Spanish telecommunications company Telefonica.
“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”
How To Stay Safe From the WannaCry Ransomware Attack:
“It’s very important everyone understands that all they [Wana Decrypt0r gang] need to do is change some code and start again,” MalwareTech explained last night. “Patch your systems now!”
The Wana Decrypt0r ransomware used a self-spreading mechanism derived from an NSA exploit leaked by the Shadow Brokers. That exploit can be mitigated by installing the patches included with Microsoft security bulletin MS17-010.
Additionally, Microsoft has released an update for older operating systems that are no longer officially supported, such as Windows XP, Windows 8, and Windows Server 2003. The update can be downloaded from here.
People already infected with this ransomware will not get their files back just because that domain was registered. The registration means only that no new infections will occur with yesterday’s strain. Currently, there’s no known method of breaking the ransomware’s encryption.
The only viable methods of getting files back at the moment are restoring from previous operating system backups or, as a last resort, paying the ransom.