Massive RANSOMWARE attack under way worldwide called WANNACRY

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Telefónica and other firms have been infected by WannaCry NHS malware - Business Insider

There's a massive set of cyberattacks affecting hospitals and telecoms companies across Europe right now — but it isn't clear whether the hacks are connected.Telefónica seems to be the first company affected, after it told employees today to stop working and shut down their computers,according to Spanish newspaper El Mundo.

The NHS in the UK has also been attacked, with at least 15 organisations around the country affected by the attack. Hospitals have been closed and operations cancelled at short notice, and medical staff have resorted to pen and paper to work.

Both NHS and Telefónica confirmed the attacks. They both said they had been hit by versions of the "WannaCry" ransomware — malicious software which encrypts the information on a device, then demands a ransom to return it. According to user reports on Twitter, the ransomware asks users to pay $300 in Bitcoin.

Some 85% of Telefónica's computers have reportedly been affected.
Its been on LBC Radio for last two hours. It would appear that quiet alot if not most of the NHS computer systems are still running on ... WINDOWS XP. I realise Microsoft still patch XP if you pay for it .. but .. not very wise to still have XP puters in a system.

The Ransomware variant is called WANNACRY

Then came this:

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak

It's been a matter of weeks since a shady hacker crew called Shadow Brokers dumped a load of tools believed to belong to the National Security Agency (NSA). It now appears one NSA tool, an exploit of Microsoft Windows called EternalBlue, is being used as one method of spreading a ransomware variant called WannaCry across the world.

The ransomware has hit UK hospitals hard, with multiple sources reporting closures of entire wards and some National Health Service (NHS) staff being sent home.
If you see this screen on your system .. your only hope is that you have a decent recent backup :(



Word is this is world wide. Main focus is in EUROPE at the moment ..

FEDX have just told their businesses to turn off systems.

https://twitter.com/craiu/status/863076786887852032

So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.
 


Betson

Well-known member
Joined
Feb 7, 2013
Messages
17,212
Can these attacks only happen from something you download via web browser or email?
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Have recent decent backups is best way to counter a ransoware attack.

Watch what attachments you open, even from trusted senders. Watch what sites you click on OR links you click on at websites, in emails.

For the uninitiated :D .. Ransomware gets onto your puter and encrypts all your data like Excel, Word files, images etc. Deletes the original, usually deletes itself only leaving behind a ransom note desktop background image and/or a text file demanding ransom for the decrytion key .. call centre phone number supplied. Not a good idea .. BACKUP will save you this.

Ramsomware usually doesnt send the original data off to the hackers.
 

RasherHash

Well-known member
Joined
Jan 16, 2013
Messages
25,354
Skynet is online.

And so it begins...
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Can these attacks only happen from something you download via web browser or email?
Benson .. it usually arrives via a clicked link at a compromised website or a link in an email. OR can arrive via a clicked / opened email attachment.

Looks like nothing has happened except you might see your harddrive activity light going nuts ( its encrypting your data ). If you see this and suspect it to be a ransomware attack .. PLUG OUT / TURN OFF THE PC and UNHOOK FROM THE NET if via cable .. call your IT peeps, like me :D
 

Lara2

Well-known member
Joined
Nov 23, 2012
Messages
7,187
Slightly off the point but what's also worrying is a well known bank is also still operating on Windows XP. I know this because when I went to my local ATM very early one morning 6 months ago and the whole system was just starting up...with Windows XP on the screen.
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Slightly off the point but what's also worrying is a well known bank is also still operating on Windows XP. I know this because when I went to my local ATM very early one morning 6 months ago and the whole system was just starting up...with Windows XP on the screen.
Believe it or not Microsoft are still patching XP and earlier op sys'es for large organisations, but of course they pay biggly. Still though, not best approach.

No doubt they have hefty older custom software that would cost way more to replace than paying MS. The bean counters logic ..

Alledgedly .. I heard on LBC earlier that French air traffic control are still using WINDOWS 3.1 on some systems .. now thats scarey!!
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
If you didnt keep clicking on porn sites this wouldnt happen, folks.
While yes, but not always the case. Fake email invoice attachments coming from "trusted" email sender is a big way of getting caught.

Where attachments are concerned the issue is peeps too quick to click and open. What is the safest way is to SAVE the attachment first to a folder on your desktop or elsewhere ( called ATTACHMENTS ). Then with an up to date anti virus, check the file first before opening.

Another infection source is what seems to be a legit site visited BUT in fact it is infected .. this is rarer though!
 

dalyp

Well-known member
Joined
Feb 17, 2016
Messages
987
Not nearly as entertaining as the Indian guys who phone to "help" you with your virus and want you to enable remote access to your PC , depending on my mood I can keep those guys on the phone for ages
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
Seems to be causing havoc with the NHS across the water.
Yes .. because they are in the main using OLD WINDOWS XP pcs and servers which are no longer supported or updated by Microsoft.

A patch was out in March to shore up the exploit used by WANNACRY BUT that would have been for newer supported versions of windows like Win 7 and 8 and 10.
 

HereWeGoAgain

Well-known member
Joined
Aug 2, 2012
Messages
14,578
Seems to be causing havoc with the NHS across the water.
12 MAY 2017 • 6:51PM
Hospitals across the country have reported being hit by the attack
Ransomware, holding files hostage in return for Bitcoin payment, is infecting computers around the world
Patients are being turned away from A&E
Operations are being cancelled
Hospitals in the North, East, London and West Midlands have been affected
The NHS has been crippled in large areas of the country as part of a world-wide cyber attack.

Hospitals are understood to have lost the use of phonelines and computers, with some diverting all but emergency patients elsewhere.

At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled.

NHS cyber attack spreads worldwide
 

Betson

Well-known member
Joined
Feb 7, 2013
Messages
17,212
I assume all this is completely untraceable and originating from Romania or Russia or somewhere like that?
 

HereWeGoAgain

Well-known member
Joined
Aug 2, 2012
Messages
14,578
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump.
Researchers at Kaspersky Lab said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, the codename for an exploit made public by the mysterious group that is in possession of offensive hacking tools allegedly developed by the NSA.


EternalBlue is a remote code execution attack taking advantage of a SMBv2 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked. Spain’s Computer Emergency Response Team, Kaspersky Lab, and others are recommending organizations install MS17-010 immediately on all unpatched Windows machines.

Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said in a Securelist report published today they’ve recorded more than 45,000 infections so far on their sensors, and expect that number to climb.

Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other business worldwide have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems

https://threatpost.com/leaked-nsa-exploit-spreading-ransomware-worldwide/125654/
 

robut

Well-known member
Joined
Apr 6, 2008
Messages
8,729
I assume all this is completely untraceable and originating from Romania or Russia or somewhere like that?

Far east ransomware call centres. The preferred payment type is BITCOIN that is pretty untraceable. Sinks back into the dark web where it is changed to real money or spent!
 

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
42,612
Slightly off the point but what's also worrying is a well known bank is also still operating on Windows XP. I know this because when I went to my local ATM very early one morning 6 months ago and the whole system was just starting up...with Windows XP on the screen.
So is the Irish govenment. Apparently its IT guru said that it would be unaffected by the Windows XP End Of Life. (Apparently it would keep paying for updates.)
 


New Threads

Popular Threads

Most Replies

Top