Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
5/13/2017
08:00 AM
Pieter Arntz
Pieter Arntz
Partner Perspectives
Connect Directly
Twitter
RSS
100%
0%

WanaCrypt0r Hits Worldwide

Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.

Reports of two massive, global ransomware attacks are dominating the news. As workers in Europe are heading home for the weekend, ransomware is shutting down their systems. Here’s what we know so far.

Big targets
National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware that Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

Method
The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet.

Image Source: Malwarebytes Labs
Image Source: Malwarebytes Labs

The demanded ransom of $300 and the potential risks to the public that come with the targets being big utility and healthcare companies seem to be in shrill contrast. We can only hope that the companies that were hit will be able to get their backups deployed quickly and can start the recovery from this cyberattack. 

Protection
Consumers and businesses alike should be sure their systems and software are updated with all current patches in order to stop the spread of infection. We’ll continue to update this post as news develops and provide additional technical analysis throughout the day. Visit Malwarebytes Labs to stay up to date on the latest news from our malware intelligence and research teams. 

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/7/2017 | 7:39:00 AM
Server crash or files encrypted?
Either way, when a server fails, when drives fail, when they become unreadable, any company - any Technology professional SHOULD have a solid, tested backup and restore solution on hand.  This is just common sense folks.  A few years ago one of my small 501C3 accounts got destroyed by ransomware and I had a solid restore plan in place, within 3 hours all data was restored to server and workstation.  FOLKS - BACKUP AND REST!!!  
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16703
PUBLISHED: 2019-09-23
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16704
PUBLISHED: 2019-09-23
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16702
PUBLISHED: 2019-09-23
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
CVE-2019-16695
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16696
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.