Ransomware WannaCry infects multitude of computers
Since last Friday, it has been published the infection of tens of thousands of computers in almost one hundred of countries by a ransomware identified as one of the WannaCry variants. The affected organizations would include government agencies, telecommunication and energy supply companies, financial institutions or healthcare systems in countries such as China, Russia, Spain, the United Kingdom or India. The affected computers were attacked due to the existence of a vulnerability in several versions of the Windows operating system, for which Microsoft already provided the corresponding patch in March.
Update 13/05/2017: A young British researcher, who initially intended to remain anonymous, but whose data have finally been made public, with the help of researcher Darien Huss, from the cyber security company Proofpoint, managed to hold the explosive diffusion of the ransomware WannaCry through the registration of a domain to which the malware was attempting to connect when running, and in case the connection was not successful, malware continued to replicate. Several researches indicated that the intention of the WannaCry creators was to have a mechanism to paralyze the attack by registering this domain.
Update 15/05/2017: Rob Wainwright, director of Europol, has said that more than 200,000 cases have been reported in at least 150 countries. Wainwright fears that the number of people affected will not stop growing over the next days.
Update 16/05/2017: Several cybersecurity companies have published some conclusions about the authorship and the initial mechanism infection of the attack. Experts by Google, Symantec and Kaspersky among others, as well as US government have found similarities with other attacks attributed to the group of hackers Lazarus, related to the North Korean government, as possible author of the cyber attack. Furthermore, most analysts seem to agree that the techniques used to trigger the infections were the same as they stole from the NSA and were then spread via internet by the Shadow Brokers hackers group.
According to various media, losses in the 150 countries affected by cyberattack would be of billions of dollars.
Update 16/06/2017: Some information indicates that the National Center for Cybersecurity (NCSC) of the United Kingdom has also a computer attack on the Lazarus group, linked to North Korea.
Update 08/06/2018: The North Korean spy Park Jin Hyok, who belongs to a group of computer criminals known as Lazarus, has been accused by the USA of being behind the WannaCry 2.0 worm and the attack to Sony Pictures. The latest information about the accused is that he returned to North Korea, after working in China for a company linked to the North Korean government.
References:
- 12/05/2017 certsi.es Telefónica afectada por ransomware
- 12/05/2017 certsi.es Oleada de ransomware afecta a multitud de equipos
- 13/05/2017 telegraph.co.uk British 22-year-old jumped around in excitement after finding way to stop global cyber attack
- 13/05/2017 cadenaser.com El experto que frenó el ciberataque con 10 euros
- 14/05/2017 forbes.com Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare
- 14/05/2014 independent.co.uk Cyber attack: Hackers in China try to seize control of WannaCry ransomware's 'kill switch'
- 14/05/2017 blogs.microsoft.com The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
- 15/05/2017 bbc.com Ransomware cyber-attack fallout
- 15/05/2017 elconfidencial.com El ciberataque continúa: alerta en ambulatorios y juzgados para evitar el virus
- 15/05/2017 lasexta.com Microsoft culpa a la Agencia Nacional de Seguridad de EEUU por el ciberataque global
- 15/05/2017 internacional.elpais.com Europol teme que el número de afectados por el ciberataque aumente a partir del lunes
- 15/05/2017 theguardian.com WannaCry ransomware has links to North Korea, cybersecurity experts say
- 15/05/2017 securelist.com WannaCry and Lazarus Group – the missing link?
- 15/05/2017 symantec.com What you need to know about the WannaCry Ransomware
- 16/05/2017 lavanguardia.com EE.UU. sospecha que Corea del Norte está detrás del ciberataque global
- 16/05/2017 internacional.elpais.com Corea del Norte centra las sospechas del origen del ciberataque global con WannaCry
- 16/05/2017 cbsnews.com "WannaCry" ransomware attack losses could reach $4 billion
- 16/06/2017 bbc.com NHS cyber-attack was 'launched from North Korea'
- 08/06/2018 fbi.gov FBI Most Wanted: PARK JIN HYOK
- 07/09/2018 unaaldia.hispasec.com Acusado un espía de Corea del Norte por el ataque a Sony Pictures y el gusano WannaCry 2.0