Massive global ransomware attack underway. Please make sure you have installed all recent Windows updates to protect your PC and your precious data.
It is now confirmed by many sources:
The WannaCryptOr/WannaCry ransomware is infecting Windows computers and is very virulent because of the way it propagates.
Large organisations have already been infected, including government agencies, hospitals and ISPs.
Once one computer is infected, the malware spreads to other computers on the same network through an SMB vulnerability (it scans for hosts listening on TCP port 445). So it can spread inside a private network, but also over free or public WiFi.
Microsoft fixed this vulnerability in its Windows updates of March 14th (bulletin MS17-010). If you have not installed them yet, please update now.
The Windows exploit comes from the NSA hacking tool called EternalBlue, which was dumped by the Shadow Brokers hacking group in April.
What is ransomware:
It is malware that insidiously encrypts all your personal data, then locks down your system and demands money (bitcoins) to unlock it and give you back access to your data.
Since your data is encrypted on your own system, you cannot recover it yourself without the key, and paying the ransom is no guarantee that you will get one.
How to protect yourself:
- Keep your system and software up to date (your OS, but also your web browser, your Office suite and your chat application, since vulnerabilities in these are the most common way to take control of your system).
- Regularly back up your important data to external storage, then unplug it (otherwise the backup may be encrypted too; the same goes for mapped network shares, which this ransomware also encrypts).
- Microsoft officially ended its support for Windows XP in 2014, but has just released a special update because many sensitive organisations, including England's National Health Service, which was hit yesterday, were still running this old version of Windows. So if you are using an old version of Windows (Windows XP, Windows 8 or Windows Server 2003; Windows Vista was still supported in March and got the fix in the regular MS17-010 update), you can get the special patch from the Microsoft Update Catalog. The Microsoft website may be a little slow right now ...
- To help with the overloaded website, Microsoft has published more information and direct download links.
- Windows 10 PCs seem to be safe from this local network propagation (the leaked exploit targets older versions), but keep them patched anyway: they are still vulnerable through the classic routes (phishing, downloads, ...).
- Some security researchers found a kill-switch inside the ransomware code that stops propagation: if one specific domain name can be reached over HTTP, the malware stops. They registered that domain name, so it now really exists. So please do not block DNS or outbound web access on an infected network; it may save some of your PCs if it is not too late. Note that the check ignores proxy settings, so machines that can only reach the web through a mandatory proxy do not benefit from it.
- As expected, variants (dubbed WannaCry 2.0) with the kill-switch removed or changed are already being reported, so the propagation continues with those ...
- WikiLeaks just released information on CIA Windows malware frameworks ... so be prepared to see more attacks of this kind in the coming months ...
- If you want to be safer against the current infection but also against future exploits, disable the really old and insecure SMB 1.0 protocol on your PC (it was replaced by SMB 2.0 and 3.0 a long time ago, so you should not need 1.0 anymore). Test this before rolling it out on a whole network: old NAS boxes, printers and scanners may still depend on SMB 1.0.
- The Shadow Brokers hacking group is promising to release more exploits for various desktop and mobile platforms in June 2017. So be prepared for more strange attacks in the near future, and not only on outdated Windows machines. I recommend keeping every computer, smartphone and IoT device updated and patched, and please change default or weak passwords ...
- Today Apple released security updates for macOS, iOS, watchOS and tvOS ...
- French security researchers found a way to recover the encryption key from memory (the prime factors of the RSA key are left behind in the ransomware process memory), provided the PC has not been rebooted since the infection and the memory has not been reused. So do not reboot or kill the process before trying; you can try if you are lucky: info about the free unlock on The Hacker News.
- Researchers found that a more discreet piece of malware using the same NSA tools has infected hundreds of thousands of computers since the beginning of the month. This malware, named Adylkuzz, uses infected computers to mine cryptocurrency (Monero) and may go unnoticed (it only makes the computer slow). It also shuts down SMB networking on the hosts it infects, which incidentally kept some of them out of reach of WannaCry. More info here.
- Information about another CIA hacking tool was released: Athena. It targets Windows XP through Windows 10. More information here. Do not be surprised if new malware builds on this soon.
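As an added example (this is not code from the original post), here is a PowerShell script that ties together the MS17-010 and SMB 1.0 items above: it checks whether one of the MS17-010 updates is present, disables SMB 1.0 on both the server and the client side, and blocks inbound TCP 445, the port the worm scans. The KB list is the one published in Microsoft's MS17-010 bulletin and the registry and sc.exe switches come from Microsoft's SMB1 guidance (KB2696547); verify the KB list against the bulletin for your exact OS, because later cumulative updates on Windows 10 contain the fix without carrying one of these IDs. Run it from an elevated PowerShell prompt and test on one machine first, since legacy devices may still need SMB 1.0.

```powershell
# Added example, not part of the original post: assess and harden a Windows host
# against WannaCry-style SMB propagation. Run from an elevated PowerShell prompt.
# Assumptions: Windows 7 / Server 2008 R2 or later with PowerShell 3+. The KB IDs
# are the MS17-010 updates listed in Microsoft's bulletin per OS; verify them for
# your build. Absence of a KB is a warning only, because later cumulative updates
# supersede them without carrying these IDs.

$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Windows Server 2012
    'KB4012598',                            # Vista / Server 2008 (March) and XP / Server 2003 / Windows 8 (May out-of-band)
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607 cumulative updates
)

# 1. Is one of the MS17-010 updates installed?
$installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Host "MS17-010 update found: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No MS17-010 KB reported by Get-HotFix; make sure the latest cumulative update is installed."
}

# 2. Report and disable SMB 1.0 on the server side (the side the worm attacks).
if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 and later expose the SMB cmdlets.
    $cfg = Get-SmbServerConfiguration
    Write-Host "SMB1 server protocol currently enabled: $($cfg.EnableSMB1Protocol)"
    if ($cfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host "SMB1 server protocol disabled."
    }
} else {
    # Windows 7 / Server 2008 R2: the registry switch documented in KB2696547 (reboot required).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name 'SMB1' -Type DWord -Value 0 -Force
    Write-Host "SMB1 server protocol disabled via registry (takes effect after reboot)."
}

# 3. Disable the SMB 1.0 client driver (mrxsmb10) so this host does not speak SMB1
#    outbound either. Both commands are from the same Microsoft guidance; reboot to apply.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
sc.exe config mrxsmb10 start= disabled | Out-Null
Write-Host "SMB1 client driver disabled (takes effect after reboot)."

# 4. Block inbound SMB (TCP 445). A workstation normally does not need to serve SMB
#    at all; on a file server, replace 'Any' with the subnets that really need access.
#    In the Windows firewall a Block rule wins over any Allow rule for the same port.
if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
    New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -RemoteAddress Any -Action Block -Profile Any | Out-Null
    Write-Host "Inbound TCP 445 blocked."
} else {
    Write-Warning "NetSecurity cmdlets not available; add the TCP 445 block rule with netsh advfirewall instead."
}
```

On Windows 8.1 and 10 you can go one step further and remove the SMB 1.0 component entirely with `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol`. Step 4 is what stops lateral movement between workstations even if one of them is still unpatched; step 2 alone only removes the vulnerable protocol on the machine you run it on.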