WannaCry Ransomware: What We Know Monday
- Author: Zachary Reyes
May 17, 2017, 23:48
Stock exchanges - the BSE and the NSE - have advised trading members to undertake "appropriate actions" to tackle any threat from the ransomware WannaCry, which has hit computers and networks across the world.
WannaCry is not just ransomware, but also a worm.
A NYC area email security provider, IT consultant and MSP presents simple steps that organizations can take to prevent successful ransomware attacks in a new ransomware defense article on the eMazzanti Technologies website.
Once Microsoft released the patch for the vulnerability - exploited by hacker group "Shadow Brokers" after stealing software from the US National Security Agency (NSA) - some Windows XP users installed the update called "Microsoft Security Bulletin MS17-010" on their desktops and laptops. Smith urged the government "to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them", as the company called for in February when it proposed a new Digital Geneva Convention.
The version of WannaCry that spread through EternalBlue on Friday had a quirk: it tried to contact an unregistered domain and halted its execution when it could reach that domain, stopping the infection.
The damage was contained by a 22-year-old security researcher who goes by the name @MalwareTechBlog on Twitter.
"Upon learning of these incidents, McAfee quickly began working to analyse samples of the ransomware and develop mitigation guidance and detection updates for its customers". This led researchers to conclude that it's likely not the work of the original authors.
"Effectively, what Microsoft is saying is they don't want any government hoarding zero days because of situations like this", Grossman told NBC News. He also gave kudos to Microsoft for having released a patch for the ransomware in March.
Microsoft president and chief legal officer Brad Smith said on Sunday: "We have seen vulnerabilities stored by the Central Intelligence Agency show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world". The WannaCry ransomware exploited this vulnerability in old versions of Windows; computers without upgraded defenses were ripe targets for cyber blackmail and theft. Most operating systems have a setting to download and install security updates automatically.
In West Bengal's West Midnapore district, at least eight computers of the state-run electricity distributor were affected. Because numerous computers impacted run older Windows systems like XP, Microsoft issued a rare patch for XP, which it had stopped updating more than three years ago. This particular ransomware program, the Telegraph reports, locks up all data on a computer's operating system except a file with instructions for the user and the malicious software. This is the case for ATMs, medical devices, ticketing machines, electronic self-service kiosks, like those in airports, and even servers that run legacy applications that can't easily be reengineered. In India, the banking system fought today to protect its systems.
"Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware", the spokesperson said in a statement.
The cybercompanies' research will be closely followed by law enforcement agencies around the world, including Washington, where President Donald Trump's homeland security adviser said on Monday that both foreign nations and cybercriminals were possible culprits.