Cofense - Security Awareness Training & Email Threat Detection

WCry / WannaCry Ransomware Devastates Across the Globe

Share This Article

A strain of encryption malware, or ransomware, is making a global presence today as numerous organizations struggle to respond. Reports of infections were found all over the globe.

Image 1-3 for Cofense Website
Source: Twitter, Inc.

Once executed, the exploit, dubbed “EternalBlue” spreads via a Windows network share vulnerability to infect other machines accessible on the same network. A software patch has been available since March of this year, but many organizations have not yet updated to the latest release.  Interestingly, WIRED magazine notes that the vulnerability was first discovered as part of an alleged dump of NSA hacking tools from the Shadow Brokers hacking group.

This is the second ransomware attack in the last two weeks which, like the “Google Doc” phishing attack, uses a worm-like ability to spread.

Kaspersky Lab reports that the WCry ransomware has numerous languages available and was designed to affect multiple countries. Ransom for the encrypted files increases over time, with a warning that all encrypted files will be lost at a set date and time in the future. The ransom is demanded in bitcoin payment using Tor.

PhishMe recommends that users be on the lookout for any suspicious emails with attachments they have not requested or are expecting. Furthermore, software patches should be installed as soon as possible.

Curious to learn more? Read our blog post featuring 6 tips on what you can do about WannaCry ransomware.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.