Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide (threatpost.com)

Posted by BeauHD on from the never-before-seen dept.

msm1267 quotes a report from Threatpost: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other business throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems. An anonymous Slashdot reader adds: Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers. The ransomware's name is Wana Decrypt0r, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or WCry. The ransomware is using the ETERNALBLUE exploit, which uses a vulnerability in the SMBv1 protocol to infect vulnerable computers left exposed online. Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it. Until now, the ransomware has laid waste to many Spanish companies, healthcare organizations in the UK, Chinese universities, and Russian government agencies. According to security researchers, the scale of this ransomware outbreak is massive and never-before-seen.
UPDATE: The Guardian reports that "An 'accidental hero' has halted the global spread of the WannaCry ransomware" by discovering a kill switch involving "a very long nonsensical domain name that the malware makes a request to." By registering that domain, the spread of the ransomware was effectively halted.

4 of 197 comments (clear)

  1. It hit the NHS hard by Anonymous Coward · · Score: 5, Interesting

    I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.

  2. Re:What boggles my mind by RandySmith6424 · · Score: 3, Interesting

    They don't have to be directly connected to the internet. They just have to have a shitty network admin that didnt close 445 on the firewall and didnt patch windows.

  3. It's not an old patch either. by Anonymous Coward · · Score: 0, Interesting

    But it IS for SMB v1 protocol, which IS old.

    So it;s not like even if it were a year old patch that this hole was quickly fixed, was it. Moreover, most IT systems are still trying to find out which patches can be applied and which ones cannot because of their spyware implications or incompatibility with other software or hardware.

    HomePCs can patch as soon as the patch comes out, but IT networks of large comanpies can't afford their IT to be out of order because of a patch for 6 months, and have to properly test it on a small subnet or sacrificial systems for months first.

    And homePC owners can't afford to install the patches as they come out because doing so means that MS will fuck about with your preferences if they don't help MS's bottom line and will also be unable to roll back properly when drivers stop working because of a "fix" in the patch.

    And if they're supposed to read comprehend and validly agree to the new license, it can take several months to get the money to pay a lawyer to read the EULA and explain it to you so you can actually validly in a legal sense say you agree.

  4. Re:Say "thanks" to leakers by mi · · Score: 2, Interesting
    Whatever, dude. But I still think, the blame ought to be distributed in the following order:
    1. Those, who unleashed the stolen weapon.
    2. Those, who stole the weapon.
    3. Microsoft.
    4. NSA.
    --
    In Soviet Washington the swamp drains you.