The EU facing a wide spread ransomware outbreak, most notably within UK’s National Health Service (NHS). Hospitals are rerouting patients and asking them not to come unless it’s a critical emergency.
The type of ransomware making its way through many organizations and industries today is called Wanna Decryptor. The malicious software — known as the Wanna Decryptor, or WannaCry — locks a system and its files from use unless money is paid to hackers.
If you see a screen like this, that’s Wanna:
Researchers are not sure why it’s spreading so quickly all of a sudden. We believe it’s because Wanna exploits a Microsoft Windows vulnerability in the file sharing protocol (SMB – Server Message Block). This protocol has been around for decades but is only accessible once malware gets onto an organization’s LAN (Local Area Network). We believe that it took a while to “seed” Wanna but once it got in, it spread quickly across local networks that are vulnerable to MS17-010
How does the Wanna Decryptor Ransomware spread throughout the world?
MS17-010 takes advantage of an SMBv1 vulnerability that allows for remote code execution. That means that the ransomware can replicate itself on neighboring computers fairly easily.
Large organizations are going to be more affected by Wanna then homes and small business. This is just due to the size of corporate networks, and how many neighboring PC’s there are.
This doesn’t mean that home users are immune. The infection point can still occur from traditional methods such as malware click bait.
How to protect your systems from ransomware?
Ransomware is a serious threat to our home user community, first and foremost. It’s necessary for all to backup their data once a week. Not to click on the malicious links that cause malware to be installed in the first place. If you have CUJO device, make sure your safe browsing feature is enabled to get maximum protection.
Malwares and ransomwares change their shape and are very hard to detect, even when traditional signature based antivirus software is installed on PC’s. It takes a while for AV companies to update their signatures, and for some users that could be too late.