On May 12, 2017, firms and organizations in many countries around the world, including geopolitical rivals Russia and the US, were hit, to their utter dismay, by mass attacks of the WannaCry malware. This ransom malware appropriately also goes by the names WCry, WannaCry, WannaCrypt0r and WannaCrypt – it did make some cry.
Within a few hours, WannaCry infected tens of thousands of devices. Experts from Avast have indicated that upwards of 57,000 devices have already been infected. It is understood that Taiwan, Russia and Ukraine were the main targets of the malware – quite a strange mix. Quoting specialists from Kaspersky, a Russian news agency reported about 45,000 WannaCry attacks in 74 countries around the world, with Russia being the most affected.
Corporate victims include the likes of FedEx, Spanish majors such as Telefonica, Gas Natural, Iberdrola and Santander Bank, and KPMG. The health care sector, already amongst the most vulnerable, was also hit. Targets here included the UK’s National Health Service and other medical institutions in the UK.
According to journalists of “Meduza”, Russian targets included MegaFon, the Ministry of Internal Affairs and the Investigative Committee of the Russian Federation.
This malware, WCry, was first discovered in February 2017. It has evolved and “mutated” over the last few months, and the more potent version 2.0 uses an NSA SMB exploit from a toolkit published earlier by the hacker group The Shadow Brokers.
It is believed that “Kafeine”, a French expert, was one of the first to discover the new mutation of the Trojan. Kafeine realised that WannaCry had been updated to adopt the EternalBlue exploit. This exploit was written by NSA whiz kids to use vulnerabilities in SMBv1. A few other security specialists confirmed Kafeine’s discoveries.
Microsoft, in March 2017, developed a fix for EternalBlue. However, paranoia is yet to set in amongst many computer users, and thus many did not make use of the fix. This lackadaisical attitude has now been exploited. As always, a sense of déjà vu prevails amongst cyber security pros.
For those interested, the spread of WannaCry can be observed in real time here: https://intel.malwaretech.com/WannaCrypt.html