WRALtechwire.com logo

Has your network been 'patched'? Failure to do opens way for global hack

Ransomware attack: 'Ooops ..."

May, 12 2017, 4:17 PM

A massive global "ransomware" attack on Friday hit corporate and government networks across 74 countries on Friday. And a security firm points out the attacks could have been prevented if companies had "patched," or updated their networks to guard against the onslaught being called "Wanna Cry."

Ransom demands for payments in order to unlock encrypted files were made in multiple languages, including Chinese.

Here's an update on the global attack's impact from The Associated Press as of Monday morning:

Bitcoin payments

The hackers also demanded payment in electronic, or crypto currency, known as Bitcoin, SecureList says in a blog with information from Kaspersky Lab.

"Our analysis indicates the attack, dubbed 'WannaCry', is initiated through an SMBv2 remote code execution in Microsoft Windows," says SecureList, which is recognized internationally for its work in tracking such hacks.

"This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14," the firm ads.

"Unfortunately, it appears that many organizations have not yet installed the patch."

Indeed.

Media paid major attention to the "dump," but apparently not everyone got or heeded the warning.

[NOTE: SAS in Cary suffered a network outage on Friday but denied being hacked.]

As of Friday afternoon, some 45,000 attacks had been reported. Among those hardest hits with demands for payment was the U.K. health system.

"It was not immediately clear who was behind the attacks, but the acts deeply alarmed cybersecurity experts and underscored the enormous vulnerabilities faced by disjointed networks of computer systems around the world," The New York Times added.

And the attack could be even larger.

"It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."

It's also very international in scope, detailing the attack in multiple languages, the report points out:

"Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Filipino, Finnish, French, German, Greek, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish, Turkish, Vietnamese."

The attack: What victims were told

Here's what the hackers said had happened and what they demanded, according to SecureList, in English:

Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to
recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You can decrypt some of your files for free. Try now by clicking .
But if you want to decrypt all your files, you need to pay.
You only have 3 days to submit the payment. After that the price will be doubled.
Also, if you don't pay in 7 days, you won't be able to recover your files forever.
We will have free events for users who are so poor that they couldn't pay in 6 months.

Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window.
After your payment, click . Best time to check: 9:00am - 11:00am GMT from Monday to Friday.
Once the payment is checked, you can start decrypting your files immediately.

If you need our assistance, send a message by clicking .

We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets
updated and removes this software automatically, it will not be able to recover your files even if you pay!

Read the report, which includes information about remediation, at:

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world





Menu