Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It

Ransomware may be mostly thought of as a (sometimes costly) nuisance, but when it hinders the ability of doctors and nurses to help people with emergency medical problems, that qualifies as armed robbery.


On Friday, a quickly spreading, nasty piece of malware crossed mountains and oceans to infect more than 70,000 machines around the world in its first few hours. Among those infected were more than a dozen hospitals in England, a telecom in Spain, FedEx's offices in the United Kingdom, and apparently, the Russian Interior Ministry. Within half a day, there were instances detected on six continents.


What's sad is that this was all largely preventable, had more Windows users simply installed the security patch Microsoft released two months ago for the flaw it exploits. (Unless you're one of the 8.45 per cent of users still running Windows XP, which hasn't been supported for three years.)

Here's what happened: unknown attackers deployed a worm targeting Windows machines that expose the file-sharing protocol Server Message Block (SMB), specifically its legacy SMBv1 implementation, on TCP port 445. Only machines that hadn't been updated with the MS17-010 patch, released on March 14, were affected; that patch fixed the SMBv1 flaw exploited by EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by the Shadow Brokers, a hacker group that first revealed itself in August 2016.

The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. Short of keeping SMB unreachable in the first place (blocking TCP port 445 from untrusted networks, or disabling SMBv1), the only way to prevent this attack was to have already installed the update.

Through the EternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, spreading rapidly and automatically to every other computer it could reach over SMB, on the same network and across the internet -- potentially hundreds at a time.
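That fan-out is something a defender can look for on the wire. The script below is an added example in PowerShell, not code from the article or from any ThreatPost or RiskSense tooling: it parses a handful of constructed firewall-style log lines and flags any source host that opens SMB (TCP 445) connections to an unusual number of distinct peers within one minute, which is what a worm does and an ordinary client does not. The "src= dst= dport=" field layout, the 10.0.5.0/24 addresses, the five-peer threshold and the assumption that 10/8 is the internal range are all mine; adjust the regex and the threshold to your own firewall export. The sample contains one host that touches seven peers inside a minute (one of them outside the internal range) and one host whose traffic is normal.

```powershell
# Added example (not from the article): flag hosts whose SMB fan-out looks like worm propagation.
# The log lines are constructed; the "src= dst= dport=" layout is an assumption,
# adjust $pattern to match your firewall's export format.
$sampleLog = @'
2017-05-12 10:41:02 src=10.0.5.17 dst=10.0.5.18 dport=445 action=allow
2017-05-12 10:41:02 src=10.0.5.17 dst=10.0.5.19 dport=445 action=allow
2017-05-12 10:41:03 src=10.0.5.17 dst=10.0.5.20 dport=445 action=allow
2017-05-12 10:41:03 src=10.0.5.17 dst=10.0.5.21 dport=445 action=allow
2017-05-12 10:41:03 src=10.0.5.17 dst=10.0.5.22 dport=445 action=allow
2017-05-12 10:41:04 src=10.0.5.17 dst=10.0.5.23 dport=445 action=allow
2017-05-12 10:41:04 src=10.0.5.17 dst=203.0.113.9 dport=445 action=deny
2017-05-12 10:41:05 src=10.0.5.40 dst=10.0.5.2 dport=445 action=allow
2017-05-12 10:41:05 src=10.0.5.40 dst=10.0.5.2 dport=445 action=allow
2017-05-12 10:41:06 src=10.0.5.40 dst=10.0.5.3 dport=80 action=allow
'@

function Find-SmbFanOut {
    param(
        [string[]]$Lines,
        [int]$PeerThreshold = 5    # distinct TCP/445 peers per minute that marks a source as suspicious (assumption)
    )
    # Capture the timestamp only down to the minute so events bucket naturally; denied attempts count too,
    # because a scanning host is suspicious whether or not the firewall let the connection through.
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2} src=(?<src>\S+) dst=(?<dst>\S+) dport=445\b'
    $events = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Minute = $Matches.ts; Src = $Matches.src; Dst = $Matches.dst }
        }
    }
    $events |
        Group-Object -Property Src, Minute |
        ForEach-Object {
            $peers = @($_.Group | Select-Object -ExpandProperty Dst -Unique)
            if ($peers.Count -ge $PeerThreshold) {
                [pscustomobject]@{
                    Source          = $_.Group[0].Src
                    Minute          = $_.Group[0].Minute
                    DistinctPeers   = $peers.Count
                    # Assumption: 10/8 is the internal range; anything else is a target outside the LAN.
                    ExternalTargets = @($peers | Where-Object { $_ -notlike '10.*' }).Count
                }
            }
        }
}

Find-SmbFanOut -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

Legitimate sources such as a vulnerability scanner, a backup server or a domain controller will also trip this rule; put them on an allow list rather than raising the threshold, because the threshold is what keeps the detection early enough to matter.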

Unfortunately, it looks like the attackers might make some serious bread for their efforts. Researchers combing through samples of the ransomware have already found several bitcoin wallets into which thousands of dollars have been deposited. It's fine to say we shouldn't negotiate with hackers demanding ransom -- though the people who say that almost always do -- but when the target is an emergency room, and lives are at stake, there's really no choice.


If you think you might be vulnerable to WannaCry, or you don't remember installing any updates over the past month, your first step is to install the MS17-010 update (or the later cumulative update that contains it) immediately. As Sean Dillon, the RiskSense security analyst who reverse engineered DoublePulsar, told ThreatPost: "This is the most critical Windows patch since [Conficker]," one of the largest similar infections to date.
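On a Windows host that first step can be checked rather than guessed. The following PowerShell is an added example, not code from the article, from Microsoft or from RiskSense: it looks for the March 2017 MS17-010 packages by KB number, reports whether the SMBv1 server is still enabled and whether anything is listening on TCP 445, and provides two remediation functions (disable SMBv1, block inbound 445). The KB list is the set of per-OS packages from Microsoft's MS17-010 bulletin; because later cumulative updates supersede them, a host can be patched with none of these IDs present, so treat a "not installed" result as a reason to check Windows Update, not as proof of exposure. The firewall rule name is my own label.

```powershell
# Added example (not from the article): a quick WannaCry exposure check for one Windows host.
# Run from an elevated PowerShell prompt. The KB IDs are the March 2017 MS17-010 packages
# from Microsoft's bulletin; later cumulative updates supersede them, so absence is not proof of exposure.
$Ms17010Kbs = @(
    'KB4012598',                          # Vista / Server 2008 (also the May 2017 XP / 2003 / 8 out-of-band package)
    'KB4012212', 'KB4012215',             # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012214', 'KB4012217',             # Windows Server 2012
    'KB4012213', 'KB4012216',             # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429' # Windows 10 1507 / 1511 / 1607 and Server 2016
)

function Test-Ms17010 {
    # Get-HotFix lists installed updates by KB ID.
    $found = @(Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID })
    [pscustomobject]@{
        Ms17010Package = ($found.Count -gt 0)
        MatchingKBs    = ($found | ForEach-Object { $_.HotFixID }) -join ','
    }
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the SMB server settings as cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: the LanmanServer SMB1 registry value controls it; absent means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $v = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

function Disable-Smb1Server {
    # Removes the SMBv1 server, which is what EternalBlue targets. The registry path needs a reboot.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }
}

function Block-InboundSmb {
    # Drops unsolicited SMB on every network profile. The rule name is my own label (assumption).
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
}

# Report only; call Disable-Smb1Server and Block-InboundSmb explicitly once you have read the caveats.
# Get-NetTCPConnection exists on Windows 8 / Server 2012 and later; on Windows 7 use "netstat -ano" instead.
$patch     = Test-Ms17010
$listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
"MS17-010 package present : $($patch.Ms17010Package) $($patch.MatchingKBs)"
"SMBv1 server enabled     : $(Get-Smb1Enabled)"
"TCP/445 listening        : $listening"
```

Disabling the SMBv1 server is the change that removes the EternalBlue attack surface; the patch fixes the bug, but a host with SMBv1 off is not exposed to it either way. Blocking 445 inbound on a domain workstation also cuts off admin shares and remote management, so scope the rule (or add an allow for your management hosts) before rolling it out across a fleet.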

Despite having been patched nearly a decade ago, the Conficker worm is still in circulation. "I find it everywhere," says Dillon, adding that WannaCry, too, "is going to be on networks for years."

The importance of downloading and installing security updates (as opposed to just clicking "remind me tomorrow" for several weeks in a row) cannot be overstated. Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided.

[ThreatPost]



Comments

    As dick moves go, this is up at the top of my list so far. Very low act, I hope they catch them and throw away the key to their cells.

    This is going to become the new "normal". While governments conspire with various electronic consumer goods and software manufacturers to place remote entry devices or backdoor software in the various devices to facilitate spying on their citizens, and pro freedom groups engage in hacking to expose often denied government dept corruption, the attack tools become available to criminals to take advantage of. The UK government has discussed making encryption of communication illegal to supposedly better enable it to catch people with criminal intent, but fortunately the financial industry would cease to be if such laws were passed and that would herald the beginning of the end for "Capitalism".
    Governments the world over have proved time and time again that they cannot be trusted and while they keep stockpiles of "hacking tools" to be used against their citizens these tools will keep becoming available to criminals. If all known back doors and security flaws/weaknesses were fixed and governments stopped conspiring with others to create more we might have a chance of, if not stopping all attacks like this one, making them extremely rare.
    I'm not holding my breath.

    Yes, I have also heard news of a massive ransomware attack in different countries including the UK and Russia. Many individual internet users are scared by this news. The problem is that nobody know how to avoid it?

      It's not hard to avoid, just make sure your systems are fully up to date. It was patched a month or two ago.

      "The problem is that nobody know how to avoid it?"
      This article is literally about how to avoid it.

      A start would be to not use a 16 year-old operating system which hasn't been supported or updated for the last 3 years.

    Also most of these companies are cheapskates with their IT, particularly when they contract out their IT services to get the costs off-ledger.
    If you don't use a hardware firewall to block these attacks, then I have utterly no pity. Ok so they cost 60k for a full on mission critical hardware firewall.. How much havoc does it prevent, how many lives does it save (in the case of the NHS and other hospital system). But then you tend to find IT managers are technologically ignorant and incompetent!

      Many systems need to be restarted after patching; it is normal practice to have quarterly patching.
      MS patch was released on March 14, so even if you have monthly patching in place, you will get affected.

    The moment you realise all your significant data is lost due to a cyber attack can be the ideal time to think about incorporating some cyber security initiatives for yourself or your business, but it's not going to mend your loss. So it's better to keep a safe backup on a periodic basis and fulfil the basic security initiatives you can, keep Kaspersky, PureVPN etc. active.

    As this virus is attacking SMB shares, does this leave linux using SMB open to attack?

      I wouldn't think so, unless the malware can infiltrate Unix-like OS'.

        It does actually, well, it doesn't. But if you have shared SMB services being accessed from a Windows machine that has write permissions to the storage on a Linux machine, it can encrypt the data.

