Cyber criminals are using an exploit kit to distribute the fastest-spreading ransomware to date. The ransomware being distributed is WannaCry 2.0, which is also referred to as WannaCrypt0r, Wanna Decryptor, and WCry.
What is WannaCry 2.0?
WannaCry is just like any other ransomware we have seen. However, the distributors are using an exploit kit called ETERNALBLUE. ETERNALBLUE is an exploit kit that was used by the NSA and was dumped by a hacker last month. We warned about this happening and can’t say we didn’t see this coming. Once those exploit kits that were used by the NSA were dumped, it was only a matter of time before a cyber criminal figured out a way to use them for his own cyber attack.
ETERNALBLUE works by exploiting a vulnerability in the SMBv1 protocol to gain a foothold on vulnerable machines. While Microsoft released a patch to fix this vulnerability, that does not mean everyone has applied it. Unpatched Windows machines exploited with ETERNALBLUE will be infected with WannaCry.
WannaCry is Spreading Fast
WannaCry hit UK hospitals earlier today and cyber security firm Avast reports that they have tracked more than 75,000 attacks in 99 countries. The ransomware has had such an effect on these hospitals that entire wards have closed, patients are being turned away, and staff are being sent home. The National Health Service in England reported that at least 16 health organizations were hit in a matter of hours.
“It is going to spread far and wide within the internal systems of organizations – this is turning into the biggest cybersecurity incident I have ever seen,” UK-based security analyst Kevin Beaumont said.
How to Prevent WannaCry from Infecting Your Machine
Keeping up with patches is one of the most important aspects of your cybersecurity well-being. If you have the most up-to-date Windows patch, your computer won’t be infected. However, many people ignore that window that pops up asking when you would like to install updates.
Relying on these patches isn’t enough anymore. Having CryptoStopper, developed by WatchPoint, could have stopped this ransomware in its tracks for all of the infected organizations. CryptoStopper uses deception technology in the form of Watcher Files placed on your network. The program continuously monitors the Watcher Files for signs that encryption has started and identifies the ransomware attack within seconds. CryptoStopper instantly isolates the infected machine from the network, then shuts down the workstation. Upon isolating the attack, the program will send you an email notification informing you that a ransomware attack has been discovered and contained. On average, CryptoStopper isolates a ransomware attack in 9 seconds, preventing all your targeted files from being encrypted and minimizing the damage done.
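The general decoy-file idea described above can be shown in a short Python check. This is an added illustration, not WatchPoint's code or a description of how CryptoStopper is implemented; the file names, the 7.0 bits-per-byte entropy threshold and the ".locked" extension are assumptions made for the demo, and the isolation and notification steps are not shown.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext approaches 8.0, ordinary text is usually below 5."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def snapshot(paths):
    """Record a SHA-256 baseline for each decoy file."""
    baseline = {}
    for p in paths:
        with open(p, "rb") as fh:
            baseline[p] = hashlib.sha256(fh.read()).hexdigest()
    return baseline

def check_decoys(baseline, entropy_threshold=7.0):
    """Return (path, reason) alerts for decoys that changed since the baseline."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))  # deleted, or renamed with a new extension
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() == digest:
            continue  # untouched decoy
        reason = "encrypted" if shannon_entropy(data) >= entropy_threshold else "modified"
        alerts.append((path, reason))
    return alerts

def demo():
    """Constructed scenario: one decoy overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("budget.txt", "payroll.txt", "notes.txt")]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("Quarterly figures, constructed decoy content.\n" * 40)
        baseline = snapshot(paths)
        with open(paths[0], "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for ciphertext
        os.rename(paths[1], paths[1] + ".locked")  # constructed extension
        return sorted((os.path.basename(p), r) for p, r in check_decoys(baseline))

if __name__ == "__main__":
    print(demo())
```

A real monitor would run `check_decoys` on a short interval or from file-system change notifications, and treat any alert on a decoy as high confidence, since no legitimate process has a reason to touch those files.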
This is the fastest spreading ransomware attack that we have ever seen. However, it certainly won’t be the last that we see of this magnitude. Now that cyber criminals are figuring out how to use the NSA exploit kits, things could get ugly in the near future. Contact WatchPoint today to learn how you can put your worries about ransomware attacks to rest.