World's Biggest Ransomware Attack Hits 74 Countries
- Approx 74 countries affected
- Currently, 45000 computers are infected
- Many hospitals have reported ransomware attacks.
- Ransomware uses an NSA Windows exploit
- The attackers demand a ransom, to be paid to a Bitcoin address.
Kaspersky detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted and the extension “.WCRY” is added to the filenames.
Kaspersky analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) was made available on the internet through the Shadowbrokers dump on April 14th, 2017 (you can read our post here about the dumps and downloads) and patched by Microsoft on March 14.
But many organizations that did not patch their systems are open to ransomware attacks.
More than 45,000 attacks of the WannaCry ransomware have currently been recorded in 74 countries around the world, mostly in Russia.
Image source: Kaspersky
British Prime Minister Theresa May said, “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” referring to the country’s National Health Service.
“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety,” May added.
An official statement from the National Health Service (NHS):
A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.
The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.
This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.
At this stage we do not have any evidence that patient data has been accessed.
NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.
According to the Telegraph, Andrea Zapparoli Manzoni, a senior manager in the Information Risk Management division of KPMG Advisory in Italy, said: “The ransomware attack is happening in a haphazard fashion and is hitting every country in the world, including Italy.” “This particular ransomware contains a vulnerability, called Eternal Blue, which was developed in U.S. intelligence circles and was then stolen. That gives you an idea about why the level of risk is particularly high. The aim isn’t to hit any specific country but to strike as widely as possible to make money.”
Hospitals were a prime target, Manzoni said, because “they are very vulnerable to cyber attacks and ready to pay because they cannot afford any shutdowns.”
The file types targeted for encryption fall into these groups:
- Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
- Less common and nation-specific office formats (.sxw, .odt, .hwp).
- Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
- Emails and email databases (.eml, .msg, .ost, .pst, .edb).
- Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
- Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
- Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
- Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
- Virtual machine files (.vmx, .vmdk, .vdi).
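The “.WCRY” suffix and the extension groups listed above can be turned into a quick scoping check over a file-server listing: which directories already hold renamed files, and which listed file types are still untouched. This is an added example, not code from Kaspersky or the original article; the function names, group labels and sample paths are constructed for illustration.

```python
from collections import Counter
import os

# Extension groups exactly as listed in the article; the labels are constructed.
CLUSTERS = {
    "office": ".ppt .doc .docx .xlsx .sxi .sxw .odt .hwp",
    "archive/media": ".zip .rar .tar .bz2 .mp4 .mkv",
    "email": ".eml .msg .ost .pst .edb",
    "database": ".sql .accdb .mdb .dbf .odb .myd",
    "source": ".php .java .cpp .pas .asm",
    "keys/certs": ".key .pfx .pem .p12 .csr .gpg .aes",
    "graphics": ".vsd .odg .raw .nef .svg .psd",
    "virtual machine": ".vmx .vmdk .vdi",
}
EXT_TO_CLUSTER = {e: c for c, exts in CLUSTERS.items() for e in exts.split()}
MARKER = ".wcry"  # the article reports ".WCRY" added to encrypted filenames

def classify(path):
    """Return (state, cluster, directory) for one Windows or POSIX path."""
    directory, _, name = path.replace("\\", "/").rpartition("/")
    name = name.lower()
    renamed = name.endswith(MARKER)
    if renamed:
        name = name[: -len(MARKER)]  # recover the pre-encryption filename
    cluster = EXT_TO_CLUSTER.get(os.path.splitext(name)[1])
    if renamed:
        return "encrypted", cluster or "unlisted", directory or "."
    return ("at_risk" if cluster else "other"), cluster, directory or "."

def triage(paths):
    """Count renamed files per directory and group, plus untouched targets."""
    by_dir, by_cluster, at_risk = Counter(), Counter(), []
    for p in paths:
        state, cluster, directory = classify(p)
        if state == "encrypted":
            by_dir[directory] += 1
            by_cluster[cluster] += 1
        elif state == "at_risk":
            at_risk.append(p)
    return {"by_dir": dict(by_dir), "by_cluster": dict(by_cluster), "at_risk": at_risk}

# Constructed sample listing (not real incident data).
SAMPLE = [
    r"\\fs01\finance\q1.xlsx.WCRY", r"\\fs01\finance\q2.xlsx.WCRY",
    r"\\fs01\finance\readme.txt", r"\\fs01\hr\staff.accdb",
    r"\\fs01\hr\mail.pst.wcry", r"\\fs01\hr\photo.heic.WCRY", "C:/vm/lab.vmdk",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```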
How To Protect?
- Update Windows to the latest version now.
- Back up your files now.