A massive ransomware attack has hit – and it’s global this time. As of May 12 at 3:00 pm Pacific, more than 75,000 attacks in 99 countries have been reported, with the majority of the attacks in Russia, Ukraine and Taiwan. CNN Tech reported:
“The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk.”
Also known as “Wanna” or “Wcry”, the virus copies an exploit codenamed “EternalBlue” that the NSA used for years to remotely commandeer computers running Microsoft Windows. It's not clear whether EternalBlue is Wcry's sole means of spreading or whether it has multiple methods of propagating. The rapid outbreak of Wcry may be an indication that many, or possibly all, of the companies hit had yet to install a critical Windows patch more than two months after it was released.
When a machine is affected, users have six hours to pay a ransom, and that amount continues to increase every few hours if left unpaid. Already hospitals and 16 National Health Service (NHS) organizations in the UK have been hit, and some of them have canceled outpatient appointments, advising people to avoid emergency departments altogether, if possible.
UK-based security architect Kevin Beaumont claimed, “It is going to spread far and wide within the internal systems of organizations -- this is turning into the biggest cybersecurity incident I've ever seen.” Beaumont continued to say that it is extremely likely the ransomware will spread to U.S. firms too:
“The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
Because this particular virus has something called a ‘hunter’ module, it can seek out other PCs on internal networks, making anyone vulnerable whether they directly interact with the virus or not. By exploiting the Windows vulnerability that Microsoft’s March security patch fixes, the malware is able to spread across internal networks, infecting entire businesses like wildfire with no way to control the breadth of reach. Even scarier, once a computer has been affected, the malware immediately spreads without any human involvement. This newly discovered threat works autonomously, without depending on users to open email attachments, click on links, or take any action at all.
By applying the patch released in March, companies can protect their systems from WannaCry infections, although it won’t do any good for machines that have already been hit. According to Matthew Hickey, founder of the security firm Hacker House:
“Friday's attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.”
Ransomware attacks have seen exponential growth in the last year, taking captive millions of victims from small to large businesses in the legal, finance, and healthcare industries. In today’s digital landscape, where threats are a common and detrimental occurrence, moving to a secure, fully managed private cloud with multiple layers of access security has become necessary for achieving a secure IT infrastructure.