Biggest Global Cyber Attack Ever? 10 WannaCry Ransomware Facts
A global cybersecurity attack (often involving WannaCry ransomware) today crippled healthcare systems in the United Kingdom and put security operations centers (SOCs) on alert in numerous countries. Here are 10 facts to know.
1. Attack Reach: More than 45,000 attacks across more than 100 countries, according to Kaspersky Lab. Also, Avast saw 57,000 infections in 99 countries — including major hits in Russia, Ukraine and Taiwan, Reuters said.
2. Major Victims: FedEx, Britain’s National Health Service and the Russian Interior Ministry, according to multiple reports.
3. U.S. Relatively Unscathed: Only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, Symantec told Reuters. Consulting firms in the US, such as Compliancy Group, have reached out to VARs and MSPs to put them on alert about the attacks.
4. The Security Hole: Hackers apparently exploited a Microsoft Windows flaw that was discovered earlier by the National Security Agency, The New York Times said.
5. Ransomware Involved: It was a variant of WannaCry.
6. The Microsoft Fix: Microsoft added detection and protection against Ransom:Win32.WannaCrypt, the company said today.
7. Payment Demands: The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access, Reuters reported.
8. Preventable Attack: If everyone just kept their boxes up to date we wouldn’t have the current viral conflagration, of course, but as usual that’s too much to ask, TechCrunch asserted.
9. Curious Timing: The attacks arrived one day after President Trump signed a cybersecurity order that strives to lock down government systems.
10. The Hackers: So far, their names are not known.
How MSPs, VARs, Partners Can Take a Stand
Time for MSPs, VARs, partners and businesses to take a firm stand and truly safeguard customer assets. To learn how, stay tuned for ChannelE2E’s next major move — coming May 23. Ask Amy Katz for details…
Maybe some good news – at least temporarily. Bleeping Computer reports:
UPDATE [May 12, 2017, 08:05 PM ET]: The spread of the Wana Decrypt0r ransomware has been temporarily stopped after security researcher MalwareTech has registered a hardcoded domain included in the ransomware’s source code. Wana Decrypt0r connected to this domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) before it started its execution. With the domain down, the ransomware does not start anymore. Cisco Talos has confirmed the information.
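The update above says Wana Decrypt0r connected to the hardcoded domain before it started its execution, so a DNS query for that name marks a host where the sample ran. The following is an added example (not from the original article or from Bleeping Computer) that finds such hosts in resolver logs; the dnsmasq-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Domain quoted in the Bleeping Computer update above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed dnsmasq-style line: "<timestamp> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.lower().rstrip(".")

def is_kill_switch(name):
    """Match the domain itself or any label beneath it, not look-alike suffixes."""
    n = normalize(name)
    return n == KILL_SWITCH or n.endswith("." + KILL_SWITCH)

def find_lookups(lines):
    """Return {client: {"count", "first", "last"}} for hosts that queried the domain."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or not is_kill_switch(m["name"]):
            continue  # replies, other domains and malformed lines are skipped
        h = hits[m["client"]]
        h["count"] += 1
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    return dict(hits)

# Constructed sample log lines; client addresses are made up.
SAMPLE_LOG = [
    "May 12 15:02:11 dnsmasq[812]: query[A] www.example.com from 10.0.4.21",
    f"May 12 15:02:14 dnsmasq[812]: query[A] {KILL_SWITCH} from 10.0.4.37",
    f"May 12 15:02:15 dnsmasq[812]: query[A] {KILL_SWITCH.upper()}. from 10.0.4.37",
    f"May 12 15:03:40 dnsmasq[812]: query[AAAA] www.{KILL_SWITCH} from 10.0.4.52",
    f"May 12 15:04:02 dnsmasq[812]: query[A] not{KILL_SWITCH} from 10.0.4.60",
    "May 12 15:04:09 dnsmasq[812]: reply www.example.com is 192.0.2.10",
]

if __name__ == "__main__":
    for client, info in sorted(find_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {info['count']} lookup(s), first {info['first']}, last {info['last']}")
```

Hosts reported by `find_lookups` are candidates for isolation and patch verification; the look-alike name from 10.0.4.60 is deliberately not matched.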