WannaCry takes advantage of a vulnerability in Microsoft Windows.
The attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money through online bitcoin payment: $300 at first, rising to $600, before it destroys files hours later. Brad Smith criticized US intelligence agencies, including the CIA and National Security Agency, for “stockpiling” software code that can be used by hackers. The tools were made public by a hacking group called the Shadow Brokers. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software. Microsoft had issued a patch on March 14, but many computers hadn’t run the update. In the United Kingdom, however, the attack hit Britain’s National Health Service badly enough that services to patients were disrupted.
Carmaker Renault said one of its French plants, which employs 3,500 people, wasn’t reopening Monday as a “preventative step”.
While infosec pros in Canada this morning are scanning their systems to ensure Windows and anti-malware systems are fully patched to deal with the WannaCry ransomware that quickly spread around the world over the weekend, there are worries a new release of alleged CIA-created vulnerabilities from WikiLeaks will shortly lead to more attacks.
WannaCry is a type of trojan virus called ransomware. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.
“There are other criminals who’ve launched this attack, and they are ultimately responsible for this”, he said.
Finding out who was behind the malware is going to be very hard.
The malware behind WannaCry (also called Wana Decryptor or WCry) was reported to have been stolen from the NSA in April.
While the first wave of attacks was accidentally halted by a “kill switch” activated by a tech blogger, experts warn that a newer variant of the ransomware without the kill switch may soon be deployed.
“The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits”, Europol’s European Cybercrime Center says. The frequency and scale of attacks also give us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind.
The company’s top lawyer said the government should report weaknesses it discovers to software companies rather than seek to exploit them. Microsoft has released a patch for these operating systems, including the ones for which it no longer offers support.
In Japan, several large manufacturers have been hit, reporter John Matthews tells NPR: “Companies including Hitachi have reported several of their systems going down, including computers at a hospital in eastern Japan”.
Never open attachments in emails from someone you don’t know. If you know how, disable the SMB service by closing TCP ports 139 and 445. He says that, while it may be time-consuming, you should update your software when it says it has an update. Better still, set the system to automatically do this on your behalf.

USE ANTIVIRUS SOFTWARE

Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests.
“The operating systems on our computers and software downloads are managed centrally so that regular users cannot download executable files from the internet without administrative rights”, he said in an email.