WannaCry Ransomware: Microsoft Calls Out NSA For 'Stockpiling' Vulnerabilities

May 18, 2017, 16:18

So far, CERT-RO has received three notifications of incidents resulting from the WannaCry attack, namely two from public institutions and one from a private company.

The virus, equipped with "a worm functionality" and called "WannaCry 2.0", has already locked up computers in vehicle factories, hospitals, shops and schools in several countries, including China and the Russian Federation.

Researchers at Check Point spotted a new variant of WannaCry that used a different kill switch domain (the malware pings the domain and, if it finds the domain isn't registered, it activates the ransomware; for more details, check out the original post on this behavior). What was going on?

The ransomware, which is believed to exploit the "Eternal Blue" loophole developed by the US National Security Agency (NSA), attacks computers running Microsoft Windows operating systems and locks users out of their own computers by encrypting their files. The malware is supposed to reach your systems through emails, by clicking on links and opening attachments in spam emails, or by downloading from unknown sources. The industry term for this type of super-vigorous ransomware: Ransomworm. "I don't think there is one".

In 2014, Microsoft ended support for the highly popular Windows XP, released in 2001 and engineered beginning in the late 1990s, arguing that the software was out of date and wasn't built with modern security safeguards. That's why it's called ransomware.

The good news is that Javelin's software was able to prevent the spread of Wcry on their customers' computers, right out of the gate, explained Abutbul.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities. Rather, it's a Windows vulnerability that the NSA knew about, and which was disclosed in January 2017. The vulnerability had been stolen from the NSA and then dumped onto the internet by a hacking group.

We recommend customers who have not yet installed the security update MS17-010 do so as soon as possible. But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs. The original exploit was codenamed "Eternal Blue", and it was specifically created to tunnel through networks via the Server Message Block version 1 (SMBv1) protocol. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. This notorious ransomware is the very thing that wreaked havoc on computer networks across the entire world over the last few days.

Windows 7 and Windows 10 are more popular than XP, with around 49% and 26% market share respectively.

WannaCry spreads itself within corporate networks, without user interaction, exploiting a known vulnerability in Microsoft Windows. Will there be more attacks in the coming weeks or months? "Javelin specifically focuses on the malicious lateral movement in its early phases and has the ability to stop every spread attempt regardless of methodology and help the organisation recover automatically".

Stronger incentives are needed to prompt users to replace rather than patch out-of-date pieces of code like Windows XP.
