2017-05-12: Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide (threatpost.com)
msm1267 quotes a report from Threatpost: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other businesses throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems. An anonymous Slashdot reader adds: Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers. The ransomware's name is Wana Decrypt0r, but it is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or WCry. The ransomware is using the ETERNALBLUE exploit, which uses a vulnerability in the SMBv1 protocol to infect vulnerable computers left exposed online. Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it. Until now, the ransomware has laid waste to many Spanish companies, healthcare organizations in the UK, Chinese universities, and Russian government agencies. According to security researchers, the scale of this ransomware outbreak is massive and never-before-seen.
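The summary above boils down to three exposure conditions on a Windows host: the SMBv1 server protocol is still enabled, TCP 445 is reachable from arbitrary remote addresses, and the March 2017 update (Microsoft bulletin MS17-010, which the story refers to only as "a patch ... last March") was never installed. The script below is an added example written for this page, not code from Threatpost, Slashdot or any commenter; it audits a local machine for those three conditions and, with the `-Remediate` switch, disables SMBv1 and narrows any inbound 445 allow rule to the local subnet. It assumes Windows 8.1 / Server 2012 R2 or later run as Administrator, so that `Get-SmbServerConfiguration` and the `NetSecurity` cmdlets are available; the "local subnet only" remediation is an assumption that file sharing is not needed across routed networks.

```powershell
# Added example: audit a Windows host for the SMBv1 exposure described in the
# story and optionally remediate it. Not part of the original thread.
# Assumes: elevated PowerShell on Windows 8.1 / Server 2012 R2 or later.
param(
    [switch]$Remediate   # without this switch the script only reports
)

$findings = @()

# 1. Is the SMBv1 server-side protocol still enabled?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += "SMBv1 server protocol is ENABLED"
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# 2. Is the SMB1Protocol optional feature (client and server bits) installed?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings += "SMB1Protocol Windows feature is installed"
    if ($Remediate) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# 3. Does an enabled inbound allow rule expose TCP 445 to any remote address?
$rules445 = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($rule in $rules445) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings += "Inbound allow rule '$($rule.DisplayName)' opens TCP 445 to any remote address"
        if ($Remediate) {
            # Assumption: SMB is only needed from the local subnet.
            Set-NetFirewallRule -Name $rule.Name -RemoteAddress LocalSubnet
        }
    }
}

# 4. When was the last hotfix installed? A most-recent date before March 2017
#    means the SMBv1 fix cannot be present. (KB numbers are deliberately not
#    hard-coded here; check the bulletin for the exact KB for your build.)
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastFix) {
    $findings += "Most recent hotfix: $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString())"
} else {
    $findings += "No hotfix install dates found; verify update state manually"
}

# Report. Exit code 1 signals that at least one exposure condition was found,
# so the script can be run from a scheduled task or config-management check.
$exposure = $findings | Where-Object { $_ -match 'ENABLED|installed$|any remote address' }
$findings | ForEach-Object { Write-Output $_ }
if ($exposure) { exit 1 } else { Write-Output "No SMBv1 exposure conditions found"; exit 0 }
```

Run it once without `-Remediate` to see what it would change; the firewall narrowing only touches rules that already allow 445 from `Any`, and a reboot is still required after the optional feature is removed. Note that disabling SMBv1 does not replace installing the update: the SMBv2/v3 code paths are unaffected, but an unpatched host that later has SMBv1 re-enabled (for example by legacy software) is vulnerable again.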
But this isn't a zero-day. "Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it."
Blame lax IT policies and ineffective management for leaving machines exposed to the internet unpatched. Of course you're going to get hosed. Most know to put a firewall, enable the machine's firewall, or air-gap their systems.
But it IS for SMB v1 protocol, which IS old.
So it's not like even if it were a year old patch that this hole was quickly fixed, was it. Moreover, most IT systems are still trying to find out which patches can be applied and which ones cannot because of their spyware implications or incompatibility with other software or hardware.
Home PCs can patch as soon as the patch comes out, but IT networks of large companies can't afford their IT to be out of order because of a patch for 6 months, and have to properly t
I guess the question is why wasn't there a plan in place to patch the holes going on in secret also? If you're going to weaponize something you want to be able to neutralize it also. True since rocks.
Re: (Score:3, Insightful)
No. Say thanks to Micro$oft for making people extremely gunshy after their concerted efforts to force Windows 10 down everyone's throats.
It's bad enough to worry that an update to a bad driver will brick your machine without the problem of waking up to find Windows 10 on your machine.
I'm sure there's enough blame to go around here, but don't forget that the update paranoia around Windows OS's was brought to you by none other than Micro$oft themselves.
Like any weapon, this one is dangerous (deadly!) in the wrong hands. It was not the NSA who placed it into the wrong hands, however.
It was the NSA who failed to properly secure and protect their "weapon" that could wreak havoc globally if it got into the wrong hands. It was and is their responsibility.
Did you miss the part where Microsoft patched this 2 months ago [microsoft.com] and the only people being infected are the ones that are grossly (even negligently) behind?
I honestly don't care about whether you blame the NSA for developing an exploit or not reporting it earlier. At this junction, however, 100% of the blame lies with these IT departments that can't get their shit patched.
Tally (Score:2)
Number of affected worldwide when it leaks: Tens of thousands to potentially millions
Obscurity is not security. (Score:3)
I've said it before but it bears repeating. [slashdot.org]
When you create an exploit, you create a weapon but when you submit a fix, you make that weapon ineffective. So now instead of having the world's best armor, we have an absurd cache of weapons and those weapons have been stolen. The moral isn't to protect your weapons better, it's that you should be making better armor.
It hit the NHS hard (Score:3, Interesting)
I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.
And you use unpatched computers in a hospital WHY? How the hell is it that the PC my kid plays Minecraft on is patched, but the ones you use for MEDICAL CARE are not!? WTF!?
get used to it (Score:2)
What boggles my mind (Score:2)
Is that there are still 45k Windows machines that are directly connected to the Internet.
Any Windows machine I manage (mostly very specific medical software and medical machines) is either a VM (and thus behind a firewall, with any service proxied to a BSD or Linux host) or airgapped.
File a lawsuit against ... (Score:2)
... the NSA.
Lots of demonstrable dollar loss.
Microsoft plugged this hole back in March.
The NSA should Compensate.... (Score:1)
EVERY Person, and EVERY Business, that this will do damage to. It's their tool, POORLY secured, that caused this ENTIRE MESS!
You got it all wrong. The entity to blame is Microsoft. Their operating system is poorly secured which is the root cause of this entire mess.
Brought to you by Microsoft's incompetence (Score:2)
RANSOMWARE USES BUG PATCHED IN MARCH (Score:1)
Oh, but it takes time to verify that these patches won't...
Yeah, and how long is it going to take you to recover from getting slammed, and at what cost? For something that was patched TWO MONTHS AGO.
Not a zero day, a YESTER-DAY!
And if you're still relying on XP...