HackDig : Dig high-quality web security articles for hacker

WannaCry Ransomware Racing Around the World, Wreaking Havoc

2017-05-13 12:35

This is a special rapid response blog to breaking news about the WannaCry ransomware attack that is now being seen in more than 100 countries. We’ll be updating our blog with additional news as we learn more. 

“No x-rays/bloods/bleeps/phones/notes.
This is unprecedented.
It will be a miracle if no-one comes to harm.”

This dramatic tweet from a National Health Service (NHS) doctor based in Manchester indicates the seriousness of today’s global ransomware event.

Around lunchtime in the UK, various computers within the NHS started to fall victim to what appears to be a variant of the WannaCrypt ransomware, also called WannaCry. At the time of writing, it appears that as many as two thirds of NHS trusts are affected and patients are being turned away.


The cost of this will be enormous.

It now appears that the event is not targeted and is very much global, with organisations in China, the UK, the USA and others affected. The costs of this attack will be extremely high and repercussions will be felt for some time.

Full details of how the attack started are not yet known, but reports indicate that once it is active on an endpoint the malware spreads through the organisation’s network using the NSA’s EternalBlue SMB attack, which was recently leaked. As a result, the WannaCry malware can move through the rest of the network without any further user interaction. This is extremely damaging, as it can spread very quickly and leaves very little time for the security team to react.
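As an added example (not from the original post or from Bromium), the lateral spread over SMB described above can be surfaced in flow logs as one internal host contacting many internal peers on TCP 445 within a short window. The record format, the RFC 1918 ranges, the 60-second window and the threshold of 5 are assumptions for illustration, and the sample flows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed for this example: RFC 1918 ranges stand in for the corporate network.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445                  # TCP port used by SMB
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct SMB peers per source per window

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse one constructed record: 'ISO-timestamp src dst dport'."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each internal source to its peak count of distinct internal SMB
    destinations inside any one window, keeping sources at or above threshold."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport == SMB_PORT and is_internal(src) and is_internal(dst):
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

def sample_flows():
    """Constructed sample: one host sweeping port 445, one ordinary file-server client."""
    t0 = datetime(2017, 5, 12, 12, 0, 0)
    sweep = [f"{(t0 + timedelta(seconds=i)).isoformat()} 10.1.4.23 10.1.4.{50 + i} 445"
             for i in range(8)]
    client = [f"{(t0 + timedelta(minutes=i)).isoformat()} 10.1.4.40 10.1.0.5 445"
              for i in range(6)]
    return sweep + client + [f"{t0.isoformat()} 10.1.4.40 203.0.113.10 443"]

if __name__ == "__main__":
    print(smb_fanout_alerts(sample_flows()))
```

The client that repeatedly talks to a single file server stays below the threshold, while the host that touches eight peers in eight seconds is flagged.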

Customers fully-deployed with Bromium’s isolation technology will be fully protected.

The infected file, isolated within the micro-VM, will be unable to connect to the local intranet because of the network isolation technology known as “Containment”, which is designed to prevent exactly this sort of lateral movement through a computer network. Containment works by preventing DNS resolution and connections to IP addresses used on the corporate network from untrusted uVMs, which could potentially be running malicious code. The result is that the malware is unable to find its way around the network. This technique will neutralise the EternalBlue SMB attack.


Expect to see more of this sort of attack in the coming months; it is advisable to patch Windows as soon as possible. When the EternalBlue attack was leaked, Microsoft patched all modern versions of Windows, making the attack ineffective.

Windows XP is not yet patched and remains vulnerable.

Windows XP machines should be isolated as much as possible: Internet access should be removed, and the machines should be isolated from the rest of the network.

WannaCry is moving quickly around the world. This snapshot is from 5pm Friday, PT.

The post WannaCry Ransomware Racing Around the World, Wreaking Havoc appeared first on Bromium.


Source: /covah-skaerw-erawmosnar-yrcannaw/moc.muimorb.sgolb
