Protecting Your Organization from the WCry Ransomware

May 12, 2017

Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016.

On May 12, FortiGuard Labs began tracking a new ransomware variant that spread rapidly throughout the day. It is a highly virulent strain of a self-replicating ransomware that has impacted such far-flung organizations as the Russian Interior Ministry, Chinese universities, Hungarian and Spanish telcos, and hospitals and clinics run by the British National Health Services. It is especially notable for its multi-language ransom demands that support more than two-dozen languages.

This ransomware is being referred to by a number of names, including WCry, WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. It is spread through an alleged NSA exploit called ETERNALBLUE that was leaked online last month by the hacker group known as The Shadow Brokers. ETERNALBLUE exploits a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) protocol.

Read more from the Fortinet Blog.

 

Read more...

Previous Article
Root Cause Analysis of Windows Kernel UAF Vulnerability lead to CVE-2016-3310
Root Cause Analysis of Windows Kernel UAF Vulnerability lead to CVE-2016-3310

  In the first quarter of 2016, we realized that there were tons of windows kernel use-after-free (UAF) vu...

Next Article
WannaCry FAQ - Take-aways and Learnings
WannaCry FAQ - Take-aways and Learnings

WannaCry FAQ: How does WannaCry spread? WannaCry has multiple ways of spreading. Its primary method is to u...