“WannaCry” Ransomware Spreads Like Wildfire, Attacks Over 150 Countries

By on May 12, 2017

Update: The McAfee team has developed a tool that can be used in an effort to recover files that have been attacked by WannaCry ransomware. Learn about it here.

Recently, a ransomware attack emerged that is worthy of tears. WannaCry ransomware hit the scene, spreading like wildfire across 150 countries and infecting more than 250,000 machines, which includes a massive takedown of 16 UK NHS medical centers in just one day. Other major countries impacted include Spain, Russia, Ukraine, India, China, Italy, and Egypt.

Now, how is this massive attack possible? Our experts say the ransomware attack exploits the Server Message Block (SMB) critical vulnerability–also known as the Equation Group’s ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers a couple of weeks ago. Basically, the attacker can use just one exploit to gain remote access into a system. Once access is gained, the cybercriminal then encrypts data with a file extension “.WCRY.” Not to mention, the decypter tool used can hit users in multiple countries at once, and translate its ransom note to the appropriate language for that country. The ransom is said to demand $300 to decrypt the files.

The good news is, consumers don’t have to worry about this attack affecting their personal data, as it leverages a flaw within the way organizations’ networks allow devices to talk to each other.

Furthermore, by Friday afternoon, McAfee delivered detection updates to its products to ensure customers would be protected from all the known versions of the WannaCry ransomware.

However, this attack does act as a reminder for consumers to prepare for personal ransomware attacks. In order to stay prepared and keep your personal data secure, follow these tips:

-Be careful what you click on. This malware was distributed by phishing emails. You should only click on emails that you are sure came from a trusted source. Click here to learn more about phishing emails. 

-Back up your files. Always make sure your files are backed up. That way, if they become compromised in a ransomware attack, you can wipe your disk drive clean and restore the data from the backup.

-Update your devices. There are a few lessons to take away from WannaCry, but making sure your operating system is up-to-date needs to be near the top of the list. The reason is simple: nearly every software update contains security improvements that help secure your computer and removes the means for ransomware variants to infect a device.

Schedule automatic updates. It’s always a good practice to set your home systems to apply critical Windows Security Updates automatically. That way, whenever there is a vulnerability, you receive the patch immediately.

Apply any Windows security patches that Microsoft has sent you. If you are using an older version of Microsoft’s operating systems, such as Windows XP or Windows 8, click here to download emergency security patches from Microsoft. 

Keep security solutions up-to-date. Many security products are automatically updated. Take McAfee for example– our customers will be protected from this ransomware as soon they connect to the Internet and update their security software. Plus, as new variants of this ransomware arise, we will continuously update our software to keep them protected.

If you are not currently a McAfee customer, you can get protection here. And stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

About the Author

Gary Davis

Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. He is a sought-after speaker on trends in digital ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs