Keep your Tissues Handy - WannaCry Ransomware Lacking Kill Switch seen in Wild

Accepted submission by martyb at 2017-05-14 14:18:24

Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS.

tl;dr: If you have not already patched your Windows computer(s), you may be at risk from a new variant of the WannaCrypt ransomware worm, seen over the weekend, which lacks a kill switch. Sysadmins are preparing for a busy Monday when countless other users return to work and boot up their PCs.

WannaCrypt (aka WCry) is a ransomware worm that wreaked havoc across the internet this past weekend. It disabled Windows computers at hospitals, telecoms, FedEx, and banks (among many others). Files on users' machines were encrypted and the worm demanded $300 or $600 worth of Bitcoin to decrypt them (depending on how quickly you responded). Reports first surfaced Friday night, and the spread was halted only because a researcher discovered a domain name in the code: once that domain was registered, the malware stopped infecting new machines.

We're not out of the woods on this one. Not surprisingly, a variant has been seen in the wild over the weekend which has removed the domain check. Just because you may not have been hit in the initial wave of attacks does not necessarily mean you are immune.
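The kill-switch behaviour described above gives defenders one cheap indicator: an infected host on the original variant performs a DNS lookup of the kill-switch domain before deciding whether to spread, so resolver logs showing that lookup point at candidate infections whether or not the domain resolved. The script below is an added example, not code from the original submission or from any of the linked reports. It assumes a simple constructed log format (`<timestamp> <client_ip> query <qname>`), and `KILL_SWITCH_DOMAIN` is a placeholder to be replaced with the indicator from your own threat-intelligence source; the real domain is not reproduced here.

```python
"""Flag hosts whose DNS queries match a WannaCry-style kill-switch domain.

Added example: scans resolver query logs and groups matching lookups by
client address. The variant that removed the domain check never makes this
lookup, so an empty result is not evidence of a clean network; patching
remains the actual mitigation.
"""
import re
from collections import defaultdict

# Placeholder indicator (assumption): substitute the domain from your intel feed.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed log format: "<timestamp> <client_ip> query <qname>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+)$")

# Constructed sample log lines (not captured from a real incident).
SAMPLE_LOG_LINES = [
    "2017-05-12T19:02:11Z 10.0.1.17 query killswitch-placeholder.example.",
    "2017-05-12T19:02:15Z 10.0.1.17 query update.example.net.",
    "2017-05-12T19:03:40Z 10.0.2.5 query KILLSWITCH-PLACEHOLDER.EXAMPLE",
    "garbage line that does not parse",
    "2017-05-12T19:04:02Z 10.0.3.9 query www.example.org.",
    "2017-05-12T19:05:30Z 10.0.1.17 query killswitch-placeholder.example.",
]


def parse_line(line):
    """Return a dict with ts/client/qname for a well-formed line, else None."""
    match = LOG_LINE.match(line.strip())
    return match.groupdict() if match else None


def normalize_qname(qname):
    """Drop the trailing root dot and lower-case so comparisons are exact."""
    return qname.rstrip(".").lower()


def find_killswitch_lookups(lines, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that queried the kill-switch domain to its query times.

    Unparseable lines are skipped rather than raising, so one bad record does
    not abort a scan over a large log.
    """
    wanted = normalize_qname(domain)
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if normalize_qname(rec["qname"]) == wanted:
            hits[rec["client"]].append(rec["ts"])
    return dict(hits)


if __name__ == "__main__":
    for client, times in sorted(find_killswitch_lookups(SAMPLE_LOG_LINES).items()):
        print(f"{client}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

Each client address in the result is worth isolating and checking for the March patch; a host that shows up repeatedly is likely re-running the worm's check on every propagation attempt.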

Back in March, Microsoft released updates to Windows to patch vaguely-described vulnerabilities. Approximately one month later, a dump of purported NSA (National Security Agency) hacking tools was posted to the web. The WannaCry ransomware appears to be based on one of those tools. As it turned out, the March Microsoft patches already blocked the vulnerability employed by WannaCry.

In a surprising move, Microsoft has just released emergency patches for out-of-mainstream-support versions of Windows (XP, 8, and Server 2003) to address this vulnerability.

Sources: Our previous coverage linked above, as well as reports from the BBC (Ransomware cyber-attack threat escalating - Europol), Motherboard (Round Two: WannaCry Ransomware That Struck the Globe Is Back), and Ars Technica (WCry is so mean Microsoft issues patch for 3 unsupported Windows versions).

