Systems Worldwide Crippled in Massive Ransomware Attack

ALERT: Microsoft has had a patch in the wild for nearly 2 months that addresses the exploit used to install this malware. You can get the details here:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396

If you are running Windows and have not been keeping it up to date, you should update your operating system immediately.

Updates are presented with the newest information at the top.

UPDATE VI: The BBC has released its final liveblog update for the day on the NHS situation. 39 hospitals are affected, in addition to many general practitioner and dental offices across the UK. Chilling words from an anonymous source at one medical center:

According to the reports, the service disruption is expected to last “well beyond the weekend.”

• • •

UPDATE V: Add Russia’s Ministry of Internal Affairs to the list, as well as Megafon, the #2 mobile phone provider and #3 telecom in the country, per this GitHub factsheet.

• • •

UPDATE IV: The Washington Post reports that FedEx has been hit by the ransomware. This is the first major US firm known to have been infected.

• • •

UPDATE III: Microsoft released the following statement to the press regarding the ongoing WannaCry threat:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

• • •

UPDATE II: MalwareHunterTeam (@malwrhunterteam) have published a heat map showing their highest infection rate zones.

There are a significant number of infections across the majority of Western Europe. Also notable are hot zones in Tokyo, Taiwan, Hong Kong, New York, Montreal and Monterrey.

• • •

UPDATE: Kaspersky Labs is reporting that the infections are part of a massive, worldwide attack. Their software has reported back over 45,000 attacks by the ransomware so far, with the majority of the attacks located in Russia and additional attacks in Eastern Europe and Asia, although the antivirus manufacturer notes that these numbers may not be entirely accurate, since they depend primarily on the distribution of its own products.

Kaspersky also notes that the ransom demands have begun to increase, with the initial amount rising from $300 to $600.

Original story follows.

• • •

Hospitals and medical facilities in multiple large cities in the UK are experiencing a serious IT outage because of a ransomware attack on National Health Service computer services. The same malware is being blamed for an attack today against Telefónica, Spain’s largest telecommunications provider, as well as several other companies there.

Screenshot of the ransomware affecting NHS medical facilities

According to the BBC, major metropolitan NHS facilities are affected including London, Blackburn, Nottingham, Cumbria and Hertfordshire, with one IT provider reporting no fewer than 11 NHS clients affected. Many hospitals are shutting down surgical and general operations, asking patients to only come in if they have a serious emergency.

Meanwhile, in Spain, an outbreak has affected several companies, according to the Spanish government.

The victims included Telefonica (TEF.MC), the nation’s biggest telecommunications firm, while other Spanish firms such as power company Iberdrola (IBE.MC) and utility Gas Natural (GAS.MC) took preventive measures.

“There has been an alert relating to a massive ransomware attack on various organisations, which is affecting their Windows systems,” Spain’s National Cryptology Centre said in a statement.

The ransomware is a version of the WannaCry virus, which encrypts sensitive user data, the National Cryptology Centre said.

WannaCry, also known as WCry and WannaCrypt0r 2.0, affects unpatched Windows systems using the “EternalBlue” exploit, which became public when the hacker collective known as the “Shadow Brokers” released a large number of the exploits and hacking tools online on April 14. The group had previously gained a degree of infamy in 2016 after penetrating one of the NSA’s cyberwarfare launch systems and releasing a large amount of the agency’s hacking library to the public.

Read more at the BBC and Reuters.
