Ransomware Infections Reported Worldwide

Multiple organizations around the world including hospitals and telecommunications companies, reported falling victim to ransomware, and researchers said a worldwide campaign of attacks was ongoing. However, the full extent of the hacks, and whether all of them were connected to one another, is unclear.

Among the organisations affected are the NHS, Spanish telecoms firm Telefónica, and logistics firm FedEx.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”

The reason for the malware’s virulent spread appears to be its use of an exploit of Windows software developed by the National Security Agency (NSA), the American spy agency. The exploit was leaked online months ago and patched by Microsoft — but those affected seem not to have updated their software to install the fix.

Cyber security experts say it is WanaCrypt0r 2.0, a new version of the WCry or WannaCry ransomware. Although it is early days and experts are battling to figure out how it works, some are suggesting what’s new about it is that it may exploit a vulnerability that was made public by a group called The Shadow Brokers that hacked the National Security Agency in the US, stole its hacking tools and then dumped them on the internet. Microsoft subsequently published a patch for the vulnerability.

Here is  a link to the Microsoft patch to preotect yourself from this attack  – https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-sm.x5myUIV87dNNyqEa68w&tduid=(b64538ebf66a9a2ee395d95da957a62c)(256380)(2459594)(TnL5HPStwNw-sm.x5myUIV87dNNyqEa68w)()

We have a PowerShell script here that can detect if your PC has the relevant Microsoft KB updates applied for WannaCry protection.