Global Ransomware Attack Strikes 70K Systems (& Counting)

A wave of ransomware attacks based on a Shadow Brokers vulnerability strikes Telefonica and organizations worldwide.

A massive global ransomware attack is underway and, according to researchers at
Kaspersky
, more than 45,000 systems worldwide have been hit with the malware. The malware, dubbed WannaCry, hits systems running Microsoft Windows on which a patch released on March 14, 2017 has not been applied.
The researchers note that, while immediately applying the March 14 patch release is considered critical, the ransomware itself doesnt depend on the vulnerability to work. Its the ransomware transmission and remote installation, rather, that appears to rest on the EternalBlue exploit patched by Microsoft.
According to the National Health Service, by mid-afternoon UK time,
16 NHS organizations had been hit with the attack
, in some cases requiring emergency patients to be directed to other hospitals after infected computers were shut down.
Spains
Telefonica was also hit
, with several sources indicating that the telecom firm had instructed employees facing a ransomware screen to simply shut down their computers and await further instructions.
An article on
Forbes.com
pointed out that the EternalBlue exploit was first described publicly in the
Shadow Brokers release of NSA hacking tools
. In general, the initial infection vector is a .ZIP attachment to a spam email, which, when opened, immediately infects the target computer. According to CN-CERT, the Spanish cyber emergency response team, vulnerable versions of Windows include:
Microsoft Windows Vista SP2
Windows Server 2008 SP2 y R2 SP1
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2012 y R2
Windows 10
Windows Server 2016
Initial ransom demands were for US $300 in BitCoins, payable through a link on the announcement screen, though more recent infections seem to have increased the ransom demand to US $600 with the promise that the amount will continue to increase. Several security research teams report that they are working on decryption tools, but none are currently available.
As of this writing, most of the infected systems have been in Russia, with systems in Europe, Asia and Africa also infected. While North America is not free from infection, the numbers have so far been low. For all system administrators, its highly recommended that the advice of
Microsoft Security Bulletin MS17-010-Critical
be followed immediately.
For up-to-the minute information on systems that are infected and the response by researchers and government officials,
Twitters WannaCry Ransomware filter
feed is hard to beat.
— Curtis Franklin, Security Editor,
Light Reading
. Follow him on Twitter
@kg4gwa
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Global Ransomware Attack Strikes 70K Systems (& Counting)