Worldwide ransomware campaign May 2017

On Friday May 12th, a worldwide ransomware campaign was started. This campaign is based on the WannaCry ransomware family which consists on a number of ransomware variationsand have known to wreak havoc worldwide. The attack is initiated from a simple

email with an attachment of either a Word or a PDF file. The email text includes a social engineering statement that tricked people into clicking on the attachment containing the ransomware worm. Following the opening of the attached file, the worm begins to work by exploiting a known Microsoft vulnerability. The ransomware scans computer folders and encrypts most of the useful files. After encryption, the ransomware displays a message that requires the user to pay hundreds of dollars for the de-encryption of the data. As of May 14th, it is clear that hundreds of organizations in about 100 countries have been infected with WannaCry ransomware, including a number of hospitals in the UK, motor production companies in France, and the Telephone company in Spain.

The assessment done by a number of Cyber warfare and Cyber intelligence forensic experts, show that the WannaCry ransomware proliferation is using SMB vulnerabilities which are part of NSA exploits leaked by ShadowBrokers. Microsoft reported this vulnerability as fixed (patch released) during March 2017 through various updates.

Although a new Windows update contains a patch to fix the vulnerability, it is forecasted that this ransomware will evolve and can be exploited again by cyber criminals.

ODI cyber experts are studying these event carefully and will release an update after a survey to be conducted among our ODIX CDR customers.

Stay tuned…. or contact us right now – here