WannaCry, a relatively new addition to the ransomware scene, wreaked havoc on networks worldwide, starting with the UK's National Health Service (NHS) on Friday, May 12th, and by Monday it had reached over 300,000 computers in 150 countries, according to a report on npr.org.
We've discussed it before, but ransomware is a particular type of malicious software, or malware, that takes your data hostage in return for a monetary ransom. In the early days, the ransom was requested in the form of Visa prepaid and iTunes gift cards. With the advent of digital currencies such as Bitcoin, ransomware has grown to the point that incidents will actually drive up the value of bitcoin during these events. Modern ransomware, and WannaCry is no exception, encrypts or scrambles your files with a unique password, and the files are unlocked with the paid ransom.
Some tools used by the National Security Agency were exposed by a group calling itself the Shadow Brokers. They claimed to have stolen these tools from an internal NSA hacking group called the Equation Group. In April, a bunch of these tools were exposed publicly, including several that work against Microsoft products. Microsoft had patched these vulnerabilities in March (speculation is that the NSA informed Microsoft of these vulnerabilities after their tools were compromised).
This malware spread globally because it not only relied on people clicking on a malicious link in email (which is what is alleged here) but would also move throughout the network, hitting unpatched machines (computers that haven't gotten the latest fixes from Microsoft). In addition, computers that were exposed to the Internet and hadn't been patched yet were also infected without any person having to click on anything. Besides encrypting your files, this variant was also dropping a remote access trojan (RAT) so the attackers can come back and access your computer again in the future.
Fortunately, a group of security researchers at MalwareTech.com discovered a kill switch, which is a trigger to stop the malware from spreading further, and the outbreak has died down. However, as predicted, new variants without the kill switch are starting to be seen in the wild.
We're here to help you. We're taking all the necessary steps to protect our clients. No process is 100%, so there are always some good practices you should follow:
I started Triada Networks in 2008 to service boutique asset managers and to help registered investment advisers get the most out of their technology investments. I’ve been providing information technology solutions for the financial services community in New York Metro for a long time now, and I’ve seen how businesses must adapt to the changes in the market and in technology in order to succeed.