F-Secure Labs has been warning about the exponential growth of ransomware and the dangers of government surveillance tools unleashed into the wild. Crypto-ransomware WannaCry — which exploded across the globe on Friday — seems to combine the worst of the dangers implied by both warnings.
Users infected by the threat are unable to use their machines unless they pay a ransom of up to $300 in Bitcoin. In that way it’s crimeware, much like other ransomware. But it takes advantage of a vulnerability that became known through tools developed by the NSA that were included in a dump by The Shadow Brokers in April of this year.
F-Secure has gotten reports from more than 60 countries. Mikko Hypponen, our chief research officer, calls it “the biggest ransomware outbreak in history.”
Here’s what WannaCry looks like in action:
The National Health Service in England is one of the largest organizations to be affected, with treatments and surgeries delayed throughout the system. Ambulances have even been diverted.
This is a global outbreak, though.
Here’s what you might have seen if you were in Frankfurt on Friday:
— Marco Aguilar (@Avas_Marco) May 12, 2017
Or a computer lab in a university in Italy:
A ransomware spreading in the lab at the university pic.twitter.com/8dROVXXkQv
— ミームｓｔｅｒｃｈｅｆ (@dodicin) May 12, 2017
The ransomware is distributed via spam and then spreads within an organization like a worm.
We haven’t seen anything like this since Conficker in 2008, which spread in a similar manner.
The vulnerability it exploits was patched by Microsoft in MS17-010. However, Windows XP machines no longer receive updates, so they are at particular risk. Machines running current Windows versions that have not been patched with the March 15 updates are also at risk.
Companies with appropriately configured firewalls have probably limited the spread.
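The two exposure factors above (missing MS17-010 patch, worm-style spread that a firewall can contain) can be checked on a single Windows host with the script below. It is an added example, not code from F-Secure or the original post, and it goes beyond the post in one respect: it assumes, from background knowledge, that MS17-010 fixes an SMBv1 flaw reachable over TCP 445; the KB number is a placeholder to be taken from the MS17-010 bulletin for the host's OS.

```powershell
# Added example (not from the F-Secure post). Reports whether the MS17-010 fix
# is installed, whether SMBv1 is still enabled, and adds a host-firewall rule
# that blocks unsolicited inbound SMB (TCP 445) so an infected peer cannot
# reach this host before the patch lands.
# Assumption (background knowledge, not stated in the post): MS17-010 fixes an
# SMBv1 flaw reachable over TCP 445. Run elevated on Windows 8.1 / 2012 R2 or
# later, where Get-SmbServerConfiguration and the NetSecurity cmdlets exist.
param(
    # Placeholder: replace with the KB number(s) MS17-010 lists for this OS build.
    [string[]]$Ms17010Kb = @('KB_PLACEHOLDER_FROM_MS17-010_BULLETIN')
)

# 1. Patch state: Get-HotFix reads the installed-update list from WMI.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$patched = @($Ms17010Kb | Where-Object { $installed -contains $_ }).Count -gt 0
if ($patched) { Write-Output 'MS17-010: installed' }
else          { Write-Warning 'MS17-010: NOT found -> install the March 2017 update' }

# 2. SMBv1 state: the service the worm's exploit talks to.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 is enabled; disabling it removes the exploited service'
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force   # uncomment to apply
} else {
    Write-Output 'SMBv1: disabled'
}

# 3. Host firewall: drop inbound SMB from the network. File sharing that must
#    stay reachable should be scoped with -RemoteAddress rather than left open.
$ruleName = 'Block inbound SMB (WannaCry containment)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    Write-Output "Firewall: added rule '$ruleName'"
} else {
    Write-Output "Firewall: rule '$ruleName' already present"
}
```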
So how big is this? Big. And it’s set to get bigger.
We know this is crimeware. It’s about making money, lots of it, the way ransomware crooks have been making money for years now.
Victims can pay to regain access to their machines, an option a more malicious attacker might not offer. There’s also a chance that law enforcement closes in on the perpetrators and recovers the encryption key that could disarm the threat.
But there is a danger that this outbreak gives nation-states the idea to create similar cyber weapons where there’s no hope of ever recovering your data. That’s the worst-case scenario.
So what should you do now? Update and follow this advice to protect your business against ransomware.
And if you are running a Windows XP machine that cannot be updated, stop doing that as soon as possible.