
Nithin Krishna




WannaCry Ransomware Attacks

Friday 12th May witnessed a cyberattack by the WannaCry ransomware (also known as WannaCrypt0r or WannaDecryptor), which targets Microsoft operating systems, encrypting data and demanding a ransom in bitcoin. This ransomware affected 300,000 computers in 150 countries, and the most affected countries were Russia, Taiwan, Ukraine and India. The rate of attack peaked when 9000 computers were hit per hour last Friday.


The WannaCry ransomware uses the EternalBlue exploit, generally believed to have been developed by the NSA. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol (vulnerability: CVE-2017-0144). The EternalBlue cyber-spying tool is said to have been stolen by a hacker group known as The Shadow Brokers, who released it online. It is also reported that some code snippets in the earlier versions of this ransomware also appeared in some programs used by the Lazarus Group. According to Microsoft’s security bulletin MS17-010 (released on 14 May 2017), this vulnerability is patched.

The WannaCry ransom starts at $300 in Bitcoin. The ransomware typically arrives as a dropper Trojan that contains the exploit kit and the ransomware itself. This dropper attempts to connect to some remote servers to download the ransomware.

More useful Links

RansomWare: Article from Spyware Website

RansomWare: Article from The wire

Precautions: Article from Microsoft Support-Disable smbv
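
As a companion to the Microsoft precaution linked above, here is a read-only audit that reports whether SMBv1, the protocol version addressed by MS17-010, is still enabled on the local Windows host. It is an added example, not code from the original post or from Microsoft; the function name `Get-Smb1Exposure` and the output field names are hypothetical, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of SMBv1 exposure on the local host.
# Nothing is changed on the system. Get-Smb1Exposure is a hypothetical name.
function Get-Smb1Exposure {
    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $null   # from Get-SmbServerConfiguration
        RegistrySmb1Value = $null   # LanmanServer\Parameters\SMB1 (0 = disabled)
        FeatureState      = $null   # state of the SMB1Protocol optional feature
    }

    # Windows 8 / Server 2012 and later expose the SMB server settings directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # Older systems are controlled by this registry value. A missing value
    # means the OS default applies, which is "enabled" on those systems.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $result.RegistrySmb1Value = if ($reg) { $reg.SMB1 } else { 'not set' }

    # Where SMBv1 ships as an optional feature, report its install state.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                       -ErrorAction SilentlyContinue
        if ($feature) { $result.FeatureState = $feature.State }
    }

    # Conservative verdict: any positive signal counts as exposed. The registry
    # value is only decisive when the SMB cmdlet is unavailable (older systems).
    $result.Smb1Exposed =
        ($result.ServerSmb1Enabled -eq $true) -or
        ($result.FeatureState -eq 'Enabled') -or
        ($null -eq $result.ServerSmb1Enabled -and $result.RegistrySmb1Value -ne 0)

    [pscustomobject]$result
}

Get-Smb1Exposure | Format-List
```

A host reporting `Smb1Exposed : True` should be patched with MS17-010 and have SMBv1 disabled as described in the Microsoft article.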