Lundi, 23 Octobre 2017
Latest news
Main » WannaCry explained: What is WannaCry ransomware and how does it work?

WannaCry explained: What is WannaCry ransomware and how does it work?

19 Mai 2017

Security firms are encouraging companies and users to make sure they install the official patch from Microsoft.

Spanish banks La Caixa, Bankinter and Sabadell said they had all taken measures. The organisation was still in the midst of recovering from another IT failure which had led to it cancelling 136 operations and hundreds of chemotherapy appointments.

The attack grew over the weekend after emerging on Friday afternoon (12 May) from 45,000 victim systems to an estimated 200,000, crippling large organisations from the NHS in the United Kingdom to Renault factories in France, Telefónica in Spain as well as Russia's second largest mobile operator, MegaFon. He added that the US government does not recommend paying the ransom and warned that making a payment to the hackers doesn't guarantee that access to computer files will be restored.

The attack on the NHS is still ongoing, with many experts foreseeing more problems as workers return to their desks today.

The full extent of the damage from the cyberattack felt in 150 countries was unclear and could worsen if more malicious variations of the online extortion scheme appear. The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world".

Tarun Kaura, Director -Product Management - Asia Pacific Japan, Symantec said, "In 2016, we identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36% increase in ransomware attacks worldwide. It's viewed as a private problem, not a national strategic problem", he says.

One school in South Korea barred its pupils from using the internet.

"It is still possible that further incidences will arise and a sustained period of vigilance will be required, both in terms of updating and patching software and monitoring equipment".

MSPs were told that approximately one per cent of computers in the NHS in Scotland were affected by the attack, but no patient data had been lost.

"If there is no delay, this course of action will go a long way to preventing huge disruption to most organisations". Still, many are urging consumers not to pay the ransom if they can avoid it because giving in simply encourages attackers to pump out more ransomware, and victims may not get their data back even if they do pay. No major Indian corporations reported disrupted operations.

"The attack targeted machines that use older software (Windows XP, Windows 2003, Windows 8) and US companies tend to adopt modern systems on a more regular basis", said Kevin O'Brien, chief executive officer of GreatHorn, a Boston-based security company.

Paying ransom will not ensure any fix, said Mr Eiichi Moriya, a cybersecurity expert and professor at Meiji University.

Other tools from the presumed NSA toolkit published by the Shadow Brokers have also been repurposed by criminals and are being sold on underground forums, researchers said.

New variants of the rapidly replicating malware were discovered Sunday.

The U.S. was mostly saved when a kill switch stopped the malware from spreading.

Mr Ryan Kalember, senior vice president at Proofpoint which helped stop its spread, said the version without a kill switch could spread.

"When we say that the health ministry was attacked you should understand that it wasn't the main server, it was local computers. actually nothing serious or deadly happened yet", German Klimenko, a presidential adviser, said on Russian state television.

WannaCry explained: What is WannaCry ransomware and how does it work?