As at 12th May 2017 it believed that there are more than 75,000 recorded attacks of the WannaCry ransomware virus in at least 74 countries. Wanna Cryptor, also known as WannaCry , is believed to use the Ethernal Blue exploit, which was originally developed by the US National Security Agency to attack computers running Microsoft Windows operating systems. Security experts link the attack to vulnerabilities released by “The Shadow Brokers”, who recently dumped hacking tools stolen from NSA.
The huge cyberattack leveraging hacking tools brought disruption to Britain’s health system on Friday 12th May security researchers said.
United Kingdom
Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments after they were infected with the “ransomware”, which scrambled data on computers and demanded payments of $300 to $600 to restore access. People in affected areas were being advised to seek medical care only in emergencies.
“We are experiencing a major IT disruption and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been cancelled and ambulances were being diverted to neighbouring hospitals.
Spain
Telecommunications giant Telefonica in Spain was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.
As a result, Spain’s Computer Emergency Response Team CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends the installation of updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack. See below.
The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions. We have confirmed additional infections in several additional countries, including Russia, Ukraine, and India.
Portugal
A spokeswoman for Portugal Telecom said: “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services was affected.”
Ransomware is malicious software that infects machines, locks them by encrypting data and then extorts money to let users back in. A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.
Rich Barger, director of threat research at U.S.-based security research company Splunk, said: “This is one of the largest global ransomware attacks the cyber community has ever seen.”
Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.
In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. There are some that create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.
British based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries”, with initial evidence of infections in at least two dozen nations according to experts from three security firms.
The broad based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina and appears to be sweeping around the globe, researchers said.
How to prevent and what to do if infected
Patch ALL Windows machines in your environment immediately. The EternalBlue vulnerability was patched by Microsoft back in March as part of MS17-010.
2 – Maintain up-to-date backups of files and regularly verify that the backups can be restored.
3- Ransomware attacks target shared network drives and cloud backups. This scenario makes it hard to retrieve the information in case of a ransomware attack. Therefore, do not rely on backup only – you must consider a protection mechanism.
4 – Ransomware is often delivered through the exact same channels as other types of malware: spear-phishing and malicious drive-by. Educate users to obtain from clicking on suspicious links, downloading email attachment and downloading software from dodgy resources.
5 – Install a ransomware detection and prevention tool. Small businesses and individuals should install Cybereason RansomFree. It is a free ransomware protection tool for PCs running Windows 7, 8, 10 and Windows Servers running 2008 R2 and 2012 R2. Download RansomFree here: https://ransomfree.cybereason.com
Removal of virus
Use a special tool such as that developed by How to Remove Guide