In what is being touted as one of the worst ransomware attacks of 2017, the WannaCry (WannaCrypt, WCry) ransomware has infected over 57,000 computers in approximately 99 countries (as of May 12th, 12:15 pm).
What makes this attack particularly nasty is that a large number of public service institutions in and around the UK were affected. WCry is reportedly causing disruptions at banks, hospitals, telecommunications services, train stations, and other mission-critical organizations in multiple countries, including the UK, Spain, Germany, and Turkey.
The ransomware changes the extension of each affected file to “.WNCRY”, so an infected file will look something like original_name_of_file.jpg.WNCRY.
The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.
Infected computers are left with a ransom note in the form of a text file.
A ransom of $300 worth of bitcoins is being demanded. Instructions on how to pay the ransom, an explanation of what happened, and a countdown timer are displayed in what the hackers behind the ransomware are referring to as “Wana Decrypt0r 2.0”.
Lastly, desktop wallpapers are changed to the following: [image: wallpaper set by the ransomware]
The exploit behind the attack (codenamed “EternalBlue”) was made available on the internet by a hacking group called Shadowbrokers in April 2017. Almost a month before that, however, the vulnerability was patched by Microsoft. It turns out that many servers and desktops never had the patch / update applied, leading to the mass infections we are seeing today.
WHAT SHOULD YOU DO?
- If you are not infected, install the Microsoft patch MS17-010 for this vulnerability
- Keep your anti-virus and anti-malware software updated
- If you are infected:
  - Do not pay the ransom
  - Instead, restore from the latest clean backup, then install the patch
- Do not click on suspicious links found in emails