{"id":411,"date":"2017-05-13T17:13:52","date_gmt":"2017-05-13T17:13:52","guid":{"rendered":"https:\/\/eset-blog.aist.fun\/huge-ransomware-outbreak-disrupts-it-systems-worldwide-wannacryptor-to-blame\/"},"modified":"2019-05-29T11:56:04","modified_gmt":"2019-05-29T11:56:04","slug":"huge-ransomware-outbreak-disrupts-it-systems-worldwide-wannacryptor-to-blame","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2017\/05\/13\/huge-ransomware-outbreak-disrupts-it-systems-worldwide-wannacryptor-to-blame\/","title":{"rendered":"Huge ransomware outbreak disrupts IT systems worldwide, WannaCryptor to blame"},"content":{"rendered":"

That escalated quickly! For those of you who did not read any news on Friday (or had your heads in the sand), you need to know that a massive tidal wave of malware just struck Planet Earth, creating gigantic waves in the information security sphere and even bigger waves for the victims. The culprit? A piece of ransomware, called WannaCryptor<\/strong><\/a> by ESET but also going by Wanna Cry and Wcrypt, has been spreading rapidly and it is utilizing leaked NSA files, namely the eternalblue<\/a> SMB exploit.<\/p>\n

Unlike most encrypting-type malware, this one has wormlike capabilities, allowing it to spread by itself. As a result, it has spread very quickly indeed. This is what victims of the English language version see:<\/p>\n

\"Hat<\/p>\n

The story started in Spain\u2019s telecom sector<\/a>, and quickly spread from that point onward and outward. Here is a version in Italian:<\/p>\n

\"Hat<\/p>\n

Many reports of healthcare related organizations being affected then appeared, plus various commercial websites, entire enterprise sites, and just about every type of network in between.<\/p>\n

The worst issue that is being dealt with by victims is this: the files touched by the attack are encrypted<\/strong> and the attacker is the only source for the key to reverse that. This can have dire consequences, especially in the healthcare sector. Encrypted patient records, doctor\u2019s files and other items may not be usable or accessible unless<\/strong> there is a good backup to restore from.<\/p>\n

The ransom demanded for decryption of the files appears to be about $300, which is actually lower than other ransomware we have seen, but the true cost will be all the time, lost files, and other collateral damage caused by this malware.<\/p>\n

There is also another theme emerging in the wake of this outbreak: Responsibility.<\/strong> The exploit that is being used, eternalblue<\/strong><\/a>, is openly available for download from a multitude of forums. I am all for research; however, providing a well-built exploit on a public forum that can affect hundreds of thousands of active machines seems a bit much, at least from where I am sitting currently. What happened to RESPONSIBLE <\/em><\/strong>disclosure???<\/p>\n

The Responsible Response<\/h1>\n

Fortunately, to protect yourself against this latest threat, there is much that you can do, and you should probably get started sooner rather than later:<\/p>\n