Large-Scale Cyber Attack (WCry2 Ransomware Outbreak)

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to ‘rm’ (delete) files in the virus.

“There is nothing comparable to date. This is a massive global ransomware operation, the largest and most effective to date. Unfortunately, not all organizations patched against ETERNALBLUE/shadowbrokers exploits,” said Kurt Baumgartner, principal security researcher, Global Research and Analysis Team (GReAT) for Kaspersky Lab.

The number of infections across the world is quickly growing, according to Kaspersky’s Twitter post. So far, some of the countries that have been hit include Britain, Spain, Russia, Taiwan, India, and the Ukraine, according to various reports streaming across the WannaCry Twitter feed.

“The suspected syndicated attack is unique in that it’s not targeted at any one industry or region, and is using a particularly nasty form of malware that can move through a corporate network from a single entry point,” says Simon Crosby, co-founder and chief technology officer at Bromium.

There is no reason to believe that it will not spread to the U.S.

According to IBM XForce  “research shows that this is ransomware being distributed through a phishing attack (PDF File) and then infecting the victim network through an auto-propagating worm utilizing an SMB exploit (MS17-010).”

Recommendations

Ensure clients are patched on MS17-010.

Microsoft Security Bulletin MS17-010 was released on March 14, 2017 marked “Critical”