A large-scale ransomware attack was initiated worldwide on May 12 at around 7:00 PM UTC, crippling portions of a hospital information network in the UK and Spain’s Telephonica telecommunications firm. The ransomware, called "Wanna Decryptor", is alleged to be exploiting a U.S. National Security Agency hacking tool that exploits vulnerabilities in computers using older versions of Microsoft Windows such as Windows XP.
The UK’s National Health Service reports that they have no evidence that patient information has been compromised or stolen in any way: rather, ransomware such as Wanna Decryptor encrypts the data on the computer infected with it, making it inaccessible. The program includes instructions to have the data unlocked — for a $300 to $600 fee, of course — and includes a time limit, threatening to delete the data after seven days.
The vulnerabilities exploited by malware such as this came to light last month, as part of a series of hacking tools that were leaked onto the internet. The hacking tools involved are believed to have originated from the NSA, including an exploit, codenamed EternalBlue, that can be used to access computers running older versions of Windows, such as Windows Server 2003. The exploit has long since been patched by Microsoft for versions of Windows that are still eligible for support, but many companies and organizations are still using older iterations of the operating system.
According to the cybersecurity research firm MalwareTech, the attacks began around 7:00 PM UTC, with a sudden, simultaneous surge about fifteen minutes later. Their tracking page is, as of this writing, showing scattered attacks across the globe, concentrated mostly in Russia and Europe, albeit with large clusters of attacks in China and the US.
Security experts are urging organizations to apply appropriate software patches to their systems, to close the exploit to the ransomware. In response to a series of directed denial of service attacks aimed at Unknown Country over the past few years, Whitley has installed heavy security measures protecting the site: Rest assured, Unknown Country won’t be going down.
Subscribers, to watch the subscriber version of the video, first log in then click on Dreamland Subscriber-Only Video Podcast link.