A new ransomware attack is taking over where CryptoLocker left off, and it looks like it may be the most destructive ransomware attack yet.
Move over CryptoLocker because there's a new ransomware in town and it looks like it could be one of the most destructive attacks we've ever seen. Already, it's hit major companies and governmental organizations across 150 countries, and it's still spreading quickly. More specifically, it's been estimated that more than 200,000 computers have been infected worldwide. As one of the most widespread and destructive ransomware attacks out there, here's what you need to know.
The WannaCry attack is a variation of the WanaCryptor ransomware attack that was noticed in early March. However, even with an early detection in March, it's been picking up a lot of steam and spreading quickly - especially in the UK and Spain. The most high-profile victims so far have been Telefonica - the massive telecom company based in Spain; Gas Natural - a large European natural gas company; Iberdrola - a Spanish electrical company; and the National Health Service facilities in the UK. The NHS hit is especially worrisome with so many sensitive patient data files that could potentially be at risk.
The WannaCry ransomware attack exploits a pretty well known vulnerability in Windows called "Eternal Blue". This vulnerability is thought to have originated from the NSA (National Security Agency) in the U.S. and was part of a major dump of NSA tools from a hacker organization called the Shadow Brokers. Possibly the most frustrating aspect of the quickly spreading ransomware attack is that Microsoft released a security patch for the exploit in March, called MS17-010. Unfortunately, it seems that many companies and organizations either weren't in-the-know about the exploit or didn't see it as a serious security priority. But with such a rash of high-profile infections, it's difficult to ignore this particular ransomware as a major threat.
As is the case with most ransomware attacks, WannaCry works by encrypting the data on a user's computer and essentially holding it hostage until the user pays a ransom through a cryptocurrency like Bitcoin. In this case, it seems to be the same $200 to $300 that we saw before with CryptoLocker.
If you haven't been hit yet with the WannaCry attack, it's hugely important to protect your computer network from the attack by patching the exploit. You can find more information on Microsoft's website.