Ransomware cyber attacks are quickly becoming the preferred method of attack by cybercriminals. WannaCry, the latest global incident, is particularly damaging because it is also a worm—not just a ransomware program. As a result, it looks for other computers to spread to. When it infects a new computer, it encrypts the data and locks out the owner until a minimum of $300 in bitcoin is paid. To achieve its unprecedented rate of circulation across networks, WannaCry ransomware utilizes a Windows OS vulnerability that was recently exposed as part of the leaked NSA hacker tools.
Microsoft has released a public bulletin along with patches for Windows XP, Windows 8, and certain server platforms that did not receive the original MS17-010 update. You may view their announcement in full here.
Whether you call it WannaCry, WannaCrypt, WCrypt, Wanacrypt0r, WCry, or one of the other names currently vying for the “call me this” crown, the ubiquitous ransomware that brought portions of the UK’s NHS to its knees over the weekend, along with everything from train stations to ATMs, is still with us and causing mayhem worldwide. As a result, our regular roundup has been replaced with what will hopefully serve as a useful place to collect links related to the attack.
First things first: this was a big enough incident that Microsoft created a special patch for Windows XP users, some three years after it had the plug pulled on support. Regardless of which Windows version you run, go get your update.
Now that we have that out of the way, here are some handy links to give you a good overview of what’s been going on:
- A rundown by our good selves, detailing the spread and tactics used by this worm to deposit ransomware globally.
- A deep dive into the malware by one of our malware research specialists.
- Watching the infection bounce around doctors’ surgeries.
- How the purchase of a URL dealt a massive blow to the previously unstoppable spread.
- What happens when the URL purchasing White Hat is doxxed by the press.
- People are paying to retrieve files, but it seems they’re taking quite a gamble.
- The malware authors are processing decryption manually. If you pay, but they can’t be bothered / their PC explodes / they’re hauled off to jail, you’re definitely not getting files back anytime soon.
- More problems: fake decryption tools. Misery begets misery.
- It may be down, but it most certainly isn’t out, with fresh infections still taking place.
- Accusations of an amateur hour operation, despite the problems caused so far.
- Another “kill-switch” domain has been registered, hoping to slow the follow-up tides of ransomware-related doom.
- The hunt is now on for the people behind it all. They’ve managed to annoy at least 3 major spy agencies, so good luck I guess.
- And finally…
This is a rapidly changing story, with a lot of valuable follow-up data being posted to haunts favored by security researchers such as Twitter, and we’ll likely add more links as the days pass. Update your security tools, patch your version of Windows and stay safe!