A Global Outbreak of WannaCry Ransomware Attacks
On May 12th, 2017, the AlienVault Labs Security Research Team reported seeing a wave of infections related to a new ransomware variant known as “WannaCry.” The attacks have been widespread, affecting hospital services, banks, and telecommunications service providers in Europe, and beyond.
At the time of writing, WannaCry ransomware has been linked to over 75,000 attacks in 99 countries1. With no apparent target, these attacks could potentially strike any organization vulnerable to such an infection.
Therefore, it’s important to know the potential risks of the WannaCry Ransomware and how to detect a potential infection early.
How Does WannaCry Ransomware Work?
One of the infection vectors in WannaCry is apparently a module that exploits a vulnerability (MS17-010) in Windows and uses a worm component to spread within a network. It’s important to note that the most likely initial attack vector is a phishing attempt that users may fall for to install the ransomware onto their computers. Once there, the virus can spread to other systems more easily.
Once installed, WannaCry locks the files on a computer and asks its victims to pay approximately $300 by Bitcoin within a few hours. It appears the attackers have found people willing to pay.