Massive ‘Ransomware’ attack hits 99 countries around the world A large-scale cyber-attack has spread across 99 countries, including the UK, US, China, Russia, Spain, Italy and India. Unknown hackers apparently launched ‘ransomware’ attacks, which basically encrypt files and demands a Bitcoin (a form of virtual currency) payment to regain access.
Wana Decrypt0r 2.0 Ransomware
We are aware of a widespread ransomware attack which is affecting several IT organizations in multiple countries. A new ransomware attack called ‘Wanna’ (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files and changing the extensions to: .wnry, .wcry, .wncry and .wncrypt. The ransomware spreads rapidly, like a worm, by exploiting a Windows vulnerability in t
he Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin. Analysis seems to confirm that the attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers. It uses a variant of the ShadowBrokers APT EternalBlue Exploit (CC-1353). It uses strong encryption on files such as documents, images, and videos.
Sophos has protection for this threat:
Sophos Customers using Intercept X and Sophos EXP products will also see this ransomware blocked by CryptoGuard. Please note that while Intercept X and EXP will block the underlying behavior and restore deleted or encrypted files in all cases we have seen, the offending ransomware splashscreen and note may still appear.
Below is the image of sophos intercept X were ransomware is detected by its root cause analysis
WHAT TO DO ?
We are the National Distributor of Sophos in India and Sophos have a solution to prevent the attacks of Ransomware.
Please ensure all of your Windows environments have been updated as described in Microsoft Security Bulletin MS17-010 – Critical Microsoft has made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download. Download security updates for: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64 Microsoft is providing more information at its KBA article here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacryptattacks/
For commercials kindly contact on below Contact no and Mail ID: Mumbai: 022-6791140 Delhi: 66-011-40537576 Bangalore: 080-41269789/ 080-25586220 Hyderabad: 040-40102067 Chennai: 044-43870487 Info@satcominfotech.com support@satcominfotech.com