Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit

    By
    Sean Michael Kerner
    -
    May 12, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Ransomware

      Ransomware is no longer just a nuisance. Now it’s quite literally a matter of life and death. A massive ransomware attack being labeled as “WannaCry” has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica.

      The WannaCry attack is not a zero-day flaw, but rather is based on an exploit that Microsoft patched with its MS17-010 advisory on March 14 in the SMB Server. However, Microsoft did not highlight the SMB flaw until April 14, when a hacker group known as the Shadow Brokers released a set of exploits, allegedly stolen from the U.S. National Security Agency.

      SMB, or Server Message Block, is a critical protocol used by Windows to enable file and folder sharing. It’s also the protocol that today’s WannaCry attack is exploiting to rapidly spread from one host to the next around the world, literally at the speed of light. The attack is what is known as a worm, “slithering” from one host to the next on connected networks.

      Among the first large organizations to be impacted by WannaCry is The National Health Service in the UK, which has publicly confirmed that it was attacked by the Wanna Decryptor.

      “This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors,” the NHS stated. “At this stage we do not have any evidence that patient data has been accessed.”

      Security firm Kaspersky Lab reported that by 2:30 p.m. ET May 12 it had already seen more than 45,000 WannaCry attacks in 74 countries. While the ransomware attack is making use of the SMB vulnerability to spread, the encryption of files is done by the Wanna Decryptor attack that seeks out all files on a victim’s network. Once the ransomware has completed encrypting files, victims are presented with a screen demanding a ransom. Initially, the ransom requested was reported to be $300 worth of Bitcoin, according to Kaspersky Lab.

      “Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted,” the ransom note states. “Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”

      It’s not clear who the original source of the global WannaCry attacks is at this point, or even if it’s a single threat actor or multiple actors. What is clear is that despite the fact that a software patch has been available since March for the SMB flaws, WannaCry is using tens of thousands of organizations that didn’t patch.

      Aside from patching and keeping systems up to date, having backups is always an essential element of good computer hygiene, which can help minimize the risk of ransomware as well.

      Ransomware has been a growing problem over the course of the last year, according to multiple industry reports. The 2017 Verizon Data Breach Investigation Report (DBIR) found a 50 percent increase in ransomware over the 2016 report, while Symantec reported in its Internet Security Threat Report (ISTR) that the average ransomware payout increased from $294 in 2015 up to $1,077 in 2016.

      As this is an evolving story, eWEEK will continue to update coverage as facts emerge and the attack progresses.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×