Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit

    By
    SEAN MICHAEL KERNER
    -
    May 12, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Ransomware

      Ransomware is no longer just a nuisance. Now it’s quite literally a matter of life and death. A massive ransomware attack being labeled as “WannaCry” has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica.

      The WannaCry attack is not a zero-day flaw, but rather is based on an exploit that Microsoft patched with its MS17-010 advisory on March 14 in the SMB Server. However, Microsoft did not highlight the SMB flaw until April 14, when a hacker group known as the Shadow Brokers released a set of exploits, allegedly stolen from the U.S. National Security Agency.

      SMB, or Server Message Block, is a critical protocol used by Windows to enable file and folder sharing. It’s also the protocol that today’s WannaCry attack is exploiting to rapidly spread from one host to the next around the world, literally at the speed of light. The attack is what is known as a worm, “slithering” from one host to the next on connected networks.

      Among the first large organizations to be impacted by WannaCry is The National Health Service in the UK, which has publicly confirmed that it was attacked by the Wanna Decryptor.

      “This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors,” the NHS stated. “At this stage we do not have any evidence that patient data has been accessed.”

      Security firm Kaspersky Lab reported that by 2:30 p.m. ET May 12 it had already seen more than 45,000 WannaCry attacks in 74 countries. While the ransomware attack is making use of the SMB vulnerability to spread, the encryption of files is done by the Wanna Decryptor attack that seeks out all files on a victim’s network. Once the ransomware has completed encrypting files, victims are presented with a screen demanding a ransom. Initially, the ransom requested was reported to be $300 worth of Bitcoin, according to Kaspersky Lab.

      “Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted,” the ransom note states. “Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”

      It’s not clear who the original source of the global WannaCry attacks is at this point, or even if it’s a single threat actor or multiple actors. What is clear is that despite the fact that a software patch has been available since March for the SMB flaws, WannaCry is using tens of thousands of organizations that didn’t patch.

      Aside from patching and keeping systems up to date, having backups is always an essential element of good computer hygiene, which can help minimize the risk of ransomware as well.

      Ransomware has been a growing problem over the course of the last year, according to multiple industry reports. The 2017 Verizon Data Breach Investigation Report (DBIR) found a 50 percent increase in ransomware over the 2016 report, while Symantec reported in its Internet Security Threat Report (ISTR) that the average ransomware payout increased from $294 in 2015 up to $1,077 in 2016.

      As this is an evolving story, eWEEK will continue to update coverage as facts emerge and the attack progresses.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×