A global ransomware attack of unprecedented scale took place Friday, affecting healthcare services, banks and tech companies. The attack was reported by CCN-CERT, the Spanish Government’s Computer Security Incident Response Team, at 12:26 p.m. EDT Friday.
“An alert has been issued for a massive attack of ransomware that affects Windows systems, blocking the access to the files (in their hard disks as in the units of a network to which they are connected). The special criticality of this campaign is caused by exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar, which can infect other connected Windows systems on the same network that are not properly updated. Infection of a single computer can end up compromising the entire corporate network,” the organization said in its press release. (Translated from Spanish)
While the attack mainly affected Spanish telephone giant Telefonica and Britain’s National Health Service, there have been reports of U.S. entities such as Bank of America and Wells Fargo being affected.
According to antivirus company Avast, 75,000 attacks had been reported in 75 countries, at the time of writing.
The ransomware used in the attack is called WanaCrypt0r 2.0 or WannaCry and is available in 28 different languages, ranging from Bulgarian to Vietnamese. The ransomware changes the extension of affected files to .WNCRY. Once it has taken control of the computer, it drops ransom notes in a text file, demanding a $300 payment in Bitcoin. The ransom note ends with a peculiar reassurance for victims, saying: “Don’t worry about decryption. We will surely decrypt your files because nobody will trust us if we cheat users.”
The most interesting aspect of the attack is that the malware used might have been originally written by the National Security Agency. It was dumped by hacking group Shadow Brokers in April. The group had discovered the tools in 2016 and had tried to sell them online. After failing to sell them, it dumped them. The NSA had not commented on the leak then, but security firms had warned of an attack at the time, and their prediction turned out to be accurate.
“This is quite possibly the most damaging thing I’ve seen in the last several years. This puts a powerful nation-state-level attack tool in the hands of anyone who wants to download it to start targeting servers. The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments,” said Matthew Hickey, founder of security firm Hacker House, at the time.
The fact that cyber criminals could use NSA tools for large-scale attacks has raised eyebrows. Los Angeles Representative Ted W. Lieu issued a statement on the attack, saying: “The massive malware attack that hit multiple countries has caused chaos and has shut down vital institutions such as hospitals. It is deeply disturbing the National Security Agency likely wrote the original malware. I have been working on legislation with industry stakeholders and partners in the Senate to address this problem. … Today’s worldwide ransomware attack shows what can happen when the NSA or CIA write malware instead of disclosing the vulnerability to the software manufacturer. … The time is now for Congress to seriously address cybersecurity issues.”