DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 24, 2019 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 50 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Massive ransomware attack is going around the world, unpatched Windows systems at huge risk

Posted on Friday, May 12 2017 @ 22:11:56 CEST by


MS logo
Just a quick note that a huge ransomware cyber attack is going around the world. A lot of news reports popped up the last couple of hours about how the UK's NHS got hit by a large ransomware attack but more recent reports indicate the situation is a lot worse as it's a worm that's hitting users and businesses in dozens of countries around the globe. The worm encrypts PC user data and demands a $300 ransom to get back control of the PC. The ransom has to be paid via Bitcoin, which makes it very hard to track.

Kaspersky Lab offers coverage over here. The worm is called WannaCry (or Wcry) and uses the "EternalBlue" SMB exploit from the NSA. This exploit was leaked to the Internet via the ShadowBrokers dump about a month ago.

The WannaCry worm uses a Windows vulnerability that enables it to spread automatically via internal LAN and WAN, without requiring any user action. That's why it's causing so much ruckus, once it's inside a vulnerable network it can rapidly replicate itself.
A few hours ago, Spain’s Computer Emergency Response Team CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends the installation of updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack.

The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions. We have confirmed additional infections in several additional countries, including Russia, Ukraine, and India.

It’s important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the “EternalBlue” exploit and infected by the WannaCry ransomware, the lack of existence of this vulnerability doesn’t really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak.
All Windows operating systems from XP to 10 are vulnerable but the good news is that Microsoft patched this vulnerability on March 14, 2017 (MS17-010). So based on current knowledge, it appears organizations that got hit big by this worm are either using unsupported software like Windows XP or neglect to install security updates on a regular basis. Patched systems can get infected too but this will require a user action.

Here's an infection map from MalwareTech botnet tracker.

Worldwide infections





 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba