Crazy Ransomware based on NSA tool spreads across the Globe!

The Security Defenders are working overtime today to stop WCry [ WannaCry ]. Right now, 45,000 attacks of the WannaCry ransomware are reported in 74 countries around the world. This is pretty bad, there are reports of Hospitals being shut down due to this, Service Providers shutting down their computers and many other reports out there of companies affected.

According to Kaspersky, WCry is leveraging an SMBv2 Remote code execution, derived from the NSA Tool kit.    Here is the US-CERT Confirmation of WCry.

MS17-010 is the Patch MS released in April  to address the vulnerability this piece of ransomware is using and if this is not on your system; you are vulnerable.

Close Firewall ports 445/139 & 3389.

Here is a Live MAP at Malware Tech, monitoring the Spread

Kaspersky’s Global Lab has a Solid Write Forensic Up

Fig 1, Machine infected with WCry  Image via Twitter Malware Hunter Team.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s