Last updated on May 16th, 2017 at 12:27 pm EST
WannaCry Ransomware has hit Spain, Italy, Portugal, Russia and Ukraine as well. Just a few minutes ago we reported that Britain’s NHS was under a cyber attack, well that was not it. It looks like that this might a worldwide cyber attack.
The attack has been confirmed by Spain, with telecom major Telefonica being hit by the ransomware. Other Spanish firms such as Iberdrola and Gas Natural have taken preventive measures because in wake of the attacks. They have asked their employees to cut off access to the internet. “There has been an alert relating to a massive ransomware attack on various organisations, which is affecting their Windows systems,” Spain’s National Cryptology Centre said in a statement.
A Picture of ransomware in Spanish
Pictures from a university in Italy.
Other countries which have been reportedly hit by the ransomware attack include Italy, Portugal, Russia and Ukraine.
No word on whether all these attacks are related or not.
These attacks are spreading via a computer worm so they are definitely a planned attack.
Add Vietnam, Kazakhstan and Taiwan to the list as well.
USA as well. Security experts link the attack to vulnerabilities released by “The Shadow Brokers”, who recently dumped hacking tools stolen from NSA.
Microsoft patched the vulnerability (also known as ETERNALBLUE or MS17-010) in March 2017, but a lot of systems have not installed the patch hence all the mayhem.
We have map of affected countries courtesy MalwareHunterTeam.
Russian telecom giant Megfon and Russian Ministry are shutting down.
— Vasily Gatov (@vassgatov) May 12, 2017
Latest update from Avast
says that more than
57,000 75,000 infections have been detected word wide, and it’s spreading like wild fire.
Wallpapers of users have also been changed.
They also tell us how “Wana Decrypt0r 2.0” works:-
The ransomware changes the affected file extension names to “.WNCRY”, so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.
FedEx is also affected. “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware, We are implementing remediation steps as quickly as possible.” it said in a statement.
74 (99 as per Avast) countries are affected and fast spreading.
So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.
— Costin Raiu (@craiu) May 12, 2017
WannaCry ransomware seen at Frankfurt railway ticket machine as well.
— Marco Aguilar (@Avas_Marco) May 12, 2017
Amounts received by hackers so far, as of 2105 EST.
Total Transactions: 35
Total BTC Received: 6.13054328BTC
Total Est. USD: $10133.72673640
WannaCry Ransomware has been stopped after affecting 153,600 computers. For the nerds, below is the piece of code. The malware checked for a domain, if it existed it would shut down. That’s what was done, someone registered the domain.You can find details of how it was stopped here.
Microsoft also issued a patch for Windows XP and Windows 8. You can find it here.
So I can only add"accidentally stopped an international cyber attack" to my Résumé. ^^
— MalwareTech (@MalwareTechBlog) May 13, 2017