NSA Hacking Tool Used in Massive Ransomware Attack
A massive cyber attack is under way! Hundreds of private and public companies around the world were hit today with what has been reported as the largest ransomware campaign ever released to date.
This attack is in part due to the release of the NSA hacking tool, EternalBlue, by the hacker group, Shadow Brokers.
The tool exploits a vulnerability in the Microsoft Windows Operating System and it currently effects all versions of Windows.
What does WannaCry 2.0 Do?
The WannaCry 2.0 is spread by a typical phishing email attack that targets unsuspecting users. Users are tricked into clicking a link or downloading an infected file. Once the ransomware is on your computer it begins encrypting your local files and quickly spreads onto your network encrypting the data on shared folders and network drives.
WanaCrypt0r 2.0 is asking for $300 of Bitcoin to unlock the contents of the encrypted files.
This vulnerability affects all versions of windows, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows server 2008, Windows Server 2012 and Windows 2016.
Microsoft released a patch back in March that resolved this vulnerability, MS17-010. This outbreak is so serious, Microsoft even released a patch for Windows XP
How to Protect Against WannaCry 2.0
Hopefully your IT department has updated all your machines with the latest Windows updates and have installed a commercially available anti-virus software on your computer.
Unfortunately many companies and organizations both large and small, have not patched their systems and or not running an updated anti-virus program . Major companies like FedEx, Telefonica', and much of the National Health Service have had systems on their network that were not properly protected and now have their systems compromised.
To insure you are protected, run the Windows update utility and make sure the March 2017 Monthly Security Roll-up has been installed. Look for updates 4012216, 4013429, or 4012215.
Also make sure your antivirus software is updated with the latest definitions.
If you think your computer may be infected or would like to have your computer checked for free, please contact RMK Consulting immediately at 855-860-8600