ITech Insights

New Global Ransomware Spreading Today

June 27, 2017 Terry Rossi Security

"We are seeing several thousands of infection attempts at the moment, comparable in size to WannaCry's first hours," said Costin Raiu, a security researcher at Kaspersky Lab.

Judging by photos posted to Twitter today and various images provided by sources, the attacks involve a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin.

Once you see the message it is too late

"If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos.

"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

According to a tweet from anti-virus company Avira, the current attacks were taking advantage of the EternalBlue exploit previously leaked by the group known as The Shadow Brokers.

EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, and Microsoft has since patched the issue.

Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain and France, among others, and is spreading to other countries fast.

Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.

If You Have Not Done So Yet, Apply This Patch Immediately.

From what we have been able to learn, this new worm spreads through SMB just like WannaCry, so when machines behind firewalls are impacted, it implies that ports 139 and 445 are open and at-risk hosts are listening for inbound connections. It takes only one infected machine behind the firewall to put all other desktops and servers at risk, because the worm is self-spreading.
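As an added example (not part of the original post), the Python below triages Windows `netstat -ano` output for the two conditions described above: hosts listening on ports 139/445 on a non-loopback address, and a host opening SMB connections to many peers, which is what worm-style spreading looks like from the inside. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the ports named in the article

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49713     192.168.1.6:445        SYN_SENT        4
  TCP    192.168.1.20:49714     192.168.1.7:445        SYN_SENT        4
  TCP    192.168.1.20:49720     192.168.1.9:443        ESTABLISHED     2112
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:445' or '[::]:445' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse_tcp(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank lines, UDP rows (no state column)
        (la, lp), (ra, rp) = split_endpoint(f[1]), split_endpoint(f[2])
        yield la, lp, ra, rp, f[3], f[4]

def exposed_listeners(text):
    """SMB/NetBIOS listeners bound to a non-loopback address."""
    return sorted({(la, lp) for la, lp, _, _, state, _ in parse_tcp(text)
                   if state == "LISTENING" and lp in SMB_PORTS
                   and not ipaddress.ip_address(la).is_loopback})

def smb_fanout(text):
    """Distinct remote hosts this machine is contacting on 139/445."""
    return sorted({ra for _, _, ra, rp, state, _ in parse_tcp(text)
                   if state != "LISTENING" and rp in SMB_PORTS})

if __name__ == "__main__":
    print("Exposed SMB listeners:", exposed_listeners(SAMPLE))
    print("Outbound SMB peers:", smb_fanout(SAMPLE))
```

A workstation that suddenly shows many outbound SMB peers, especially in `SYN_SENT`, is worth isolating and investigating; what count is abnormal depends on the environment.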

In the meantime, harden your machines against this Windows Network Share vulnerability and ensure that all systems are fully patched with the "MS17-010" security update. https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Remind all staff to Think Before They Click when they receive any out-of-the-ordinary emails.
