Large-Scale Ransomware Attack Targets Windows Systems

A widespread ransomware outbreak on Friday has attacked an estimated 45,000 systems in 74 countries, according to a report from the SANS Institute's Internet Storm Center.

The ransomware is identified as "WannaCrypt" and is targeting a Windows Server Message Block (SMB) flaw that was addressed with Microsoft's March MS17-010 "critical" security bulletin release. The Internet Storm Center also identified this flaw as "ETERNALBLUE." Apparently, that's a reference to one of the code names used for a group of hacking tools purportedly collected by the U.S. National Security Agency and subsequently leaked by a group calling itself "The Shadow Brokers."

The ransomware has hit hospitals in the United Kingdom and Telefonica in Spain, according to the Internet Storm Center. It's affecting National Health Service (NHS) computers in England and Scotland, according to a report by The Guardian.

The ransomware, which encrypts a computer's files, is said to present a demand for $300 in Bitcoins to unlock them, along with a threat to double the price.

A Motherboard story suggested that the NHS may have been hit because it continues to run the unsupported Windows XP operating system across thousands of machines. However, MS17-010 is a patch for newer operating systems as well, such as Windows 7 and Windows 8.1, plus Windows Server 2008, Windows Server 2012 and even Windows Server 2016.

The WannaCrypt ransomware exploits a remote code execution flaw in SMB version 2, according to a Kaspersky Lab post. While Microsoft issued MS17-010 to patch the flaw, "it appears that many organizations have not yet installed the patch," Kaspersky Lab indicated. Most of the attacks are happening in Russia, according to the organization. The security firm recommended installing MS17-010, "which closes the affected SMB Server vulnerability used in this attack," among other measures.

When asked about the flaw, Microsoft responded Friday by e-mail, saying that its March update addressed the issue and consumers running Windows Defender and Windows Update would be protected, per a spokesperson:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows Update enabled, are protected. We are working with customers to provide additional assistance.

Such an outbreak of malware, affecting public institutions, is the kind of scenario found in the novel, "Zero Day." Its author, Mark Russinovich, chief technology officer at Microsoft, acknowledged the similarity on Friday, saying, "Yes, it's a scenario from Zero Day," in a Twitter post.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
