Widespread Ransomware 'Wannacry' Linked to NSA Exploit

15-5-2017 < SGT Report
 

by Jamie Redman, Bitcoin.com:



According to many reports across the web, a string of ransomware attacks has infected thousands of businesses in 99 countries worldwide. Sources say over 75,000 users globally were affected because of a leaked NSA exploit published by the hacker group the Shadow Brokers.


Wana Ransomware Infects 75,000 Computers Worldwide


A massive epidemic has recently struck close to a hundred countries, with more than 75,000 detections of the ransomware called Wanacryptor 2.0 (Wana). According to the Avast security blog and Krebs on Security, a significant portion of the businesses targeted were in Taiwan, the Ukraine, and Russia. Additionally, a string of hospitals in Europe, Chinese universities, the UK’s National Health Service (NHS), and the Spanish telecommunications giant Telefonica were attacked.



The Wana software is a malicious program that encrypts an individual’s or company’s files and demands a ransom to unlock the content. Reports from the Financial Times and other news outlets say the tool is linked to the group the Shadow Brokers and the recently leaked NSA exploits. Krebs on Security also reports that the ransomware is spreading due to a backdoor in Windows software.


“There are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft,” the security firm details.




Windows Vulnerability


Wana infects a computer and attaches the extension WNCRY to the files it encrypts. Malware Hunter Team was the first to notice the Wana malware and told the public a few weeks ago. The attack not only encrypts files but also downloads the latest Tor client for ransomware communications. To unlock the computer’s files, some amount of bitcoin must be sent to an address provided by the software. According to CCN-CERT, the tool attacks a vector in the Windows Server Message Block protocol, which has enabled the ransomware to spread exponentially across 75,000+ operating systems globally.




There are over 100 strains of ransomware, but this particular case is being called the worst malware epidemic yet, and one that also involves a Windows exploit allegedly crafted by the U.S. National Security Agency. So far, reports say a few businesses around the world are refusing to pay the ransom, and some security groups believe a remedy will be found soon.


However, the attackers have so far accumulated at least 6.46 BTC (US$ 10,000) between three addresses hard-coded into the software. Investigators say they find it odd the attackers chose to use the same bitcoin addresses.


Read More @ News.Bitcoin.com
