A strain of encryption malware, or ransomware, is spreading worldwide today as numerous organizations struggle to respond. Infections have been reported all over the globe.
Once executed, the ransomware uses an exploit dubbed “EternalBlue” to spread via a Windows network share vulnerability, infecting other machines accessible on the same network. A software patch has been available since March of this year, but many organizations have not yet updated to the latest release. Interestingly, WIRED magazine notes that the vulnerability was first discovered as part of an alleged dump of NSA hacking tools from the Shadow Brokers hacking group.
This is the second ransomware attack in the last two weeks which, like the “Google Doc” phishing attack, uses a worm-like ability to spread.
Kaspersky Lab reports that the WCry ransomware is available in numerous languages and was designed to affect multiple countries. The ransom for the encrypted files increases over time, with a warning that all encrypted files will be lost at a set date and time in the future. The ransom is demanded as a bitcoin payment using Tor.
PhishMe recommends that users be on the lookout for any suspicious emails with attachments they have not requested or are not expecting. Furthermore, software patches should be installed as soon as possible.