Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
5/13/2017
08:00 AM
Pieter Arntz
Pieter Arntz
Partner Perspectives
Connect Directly
Twitter
RSS
100%
0%

WanaCrypt0r Hits Worldwide

Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.

Reports of two massive, global ransomware attacks are dominating the news. As workers in Europe are heading home for the weekend, ransomware is shutting down their systems. Here’s what we know so far.

Big targets
National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware that Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

Method
The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet.

Image Source: Malwarebytes Labs
Image Source: Malwarebytes Labs

The demanded ransom of $300 and the potential risks to the public that come with the targets being big utility and healthcare companies seem to be in shrill contrast. We can only hope that the companies that were hit will be able to get their backups deployed quickly and can start the recovery from this cyberattack. 

Protection
Consumers and businesses alike should be sure their systems and software are updated with all current patches in order to stop the spread of infection. We’ll continue to update this post as news develops and provide additional technical analysis throughout the day. Visit Malwarebytes Labs to stay up to date on the latest news from our malware intelligence and research teams. 

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/7/2017 | 7:39:00 AM
Server crash or files encrypted?
Either way, when a server fails, when drives fail, when they become unreadable, any company - any Technology professional SHOULD have a solid, tested backup and restore solution on hand.  This is just common sense folks.  A few years ago one of my small 501C3 accounts got destroyed by ransomware and I had a solid restore plan in place, within 3 hours all data was restored to server and workstation.  FOLKS - BACKUP AND REST!!!  
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Malwarebytes protects businesses against malicious threats that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the companys flagship product, has a highly advanced heuristic detection engine that has removed more than five billion malicious threats from computers worldwide. SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data. Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts. For more information, please visit us at www.malwarebytes.com/business.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11375
PUBLISHED: 2018-05-22
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11376
PUBLISHED: 2018-05-22
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
CVE-2018-11377
PUBLISHED: 2018-05-22
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11378
PUBLISHED: 2018-05-22
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
CVE-2018-11379
PUBLISHED: 2018-05-22
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.