May 13, 2017
A new strain of ransomware raced across 70 countries Friday, wreaking havoc at the National Health Service in the UK, hobbling one of Spain’s largest telecom companies, and shutting down Russia’s Internal Affairs Ministry in an attack that cybersecurity experts say is only gaining in momentum.
Ransomware is a type of malware that installs itself on a device, such as a computer or smartphone, and then holds the device hostage until a ransom is paid.
This particular strain, WannaCry, exploits a vulnerability in Windows that many systems have not yet patched.
WannaCry has so far infected tens of thousands of computers in at least 74 countries, according to cybersecurity companies who are observing its spread across the globe.
Among the countries infected are the US, China, Russia, Spain, and the UK.
Ransomeware: Who's Affected & Why
Kaspersky Lab's Global Research & Analysis Team reported "earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames."
Kaspersky Lab's analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.
Unfortunately, it appears that many organizations have not yet installed the patch.
American shipping giant FedEx has been hit in a ransomware attack spreading quickly around the globe and linked to hacked or leaked data from the U.S. National Security Agency.
FedEx confirmed early Friday afternoon that it was a victim of the attack, but disclosed few details.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the firm said in a statement.
“We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”
Latest News: Researchers See Possible North Korea Link to Global Cyber Attack
What you need to do: If you've not installed the March, April or May Windows Update bundles, do so immediately. It's worth shutting down your system for a few minutes if it gives you a chance to avoid this. If you're still using Windows XP, you're out of luck, but the March and April update bundles should be available to Windows Vista. What Is Ransomware and How Can I Protect Myself?
More: Security Awareness Training Blog
Meanwhile, NSA whistleblower Edward Snowden has led the discussion on NSA’s role and responsibility in Friday’s extensive cyberattacks, noting that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”
Ransomware is one of the fastest-growing types of cyberattacks. Last year, cybersecurity companies estimated that ransomware attacks brought in over a billion dollars for cybercriminal networks globally, and they are on target to make even more in 2017.
While hospitals were not the target of the WannaCry ransomware strain Friday, they were among the most infected as they often lack budgets to defend their online systems, and once their networks are down, thousands of patients lives may be put at risk. Across the UK Friday, doctors reported chaotic situations, with one tweeting that patients would die as a result of the attack.
“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors,” the NHS said in a statement. “Our focus is on supporting organisations to manage the incident swiftly and decisively.” NHS cyber-attack: Amber Rudd says lessons must be learnt
Cybersecurity experts said Friday that the Wannacry ransomware shows no signs of slowing down. Preliminary research on the strain shows that it is able to run in 27 languages, and likely includes other vulnerabilities that can take advantage of systems.
For now, cybersecurity experts are urging people to download the Microsoft update which patches the vulnerability as soon as possible to make sure their systems are protected.
Update: Security Blogger Halts Ransomware 'By Accident'
Related Article: Identifying Cyber Vulnerabilities in Manufacturers Digital Supply Chain Networks