<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Massive Malware Attack Will Infect More Than Healthcare

Greg Mooney| May 12 2017

| security

massive-malware-attack.jpgRansomware is infecting businesses across the globe, from healthcare to telecommunications. And the malware is spreading via a known exploit that was leaked and patched months ago. 

Updated 5/15/17: Just as we guessed it, Monday is here and companies are beginning to realize that they too are infected with WannaCrypt 2.0 ransomware. News sites are even calling it "WannaCry" now. Whether that was intentional or not, who knows. But it might be a fitting name due to the heartache it will be causing companies this week. 

Some other companies that are being infected now include FedEx and Telfonica from Spain

There is some good news coming out of this, however. Our white hat pals, or security researchers, have been working around the clock to thwart the ransomware.

I'll share this excerpt from Bleeping Computer since they explain it well:

"The kill switch works because the WannaCry ransomware pings a hard coded domain (the kill switch) before the encryption process starts. If the domain is not registered, the encryption goes on as planned, but if the domain is registered, the encryption process stops."

Also important to note is that if your files are encrypted by this ransomware, the price to release your files has gone up. There are also companies claiming to have services to decrypt WannaCrypt 2.0's encryption. These are scams, so you should tread lightly. Security experts have yet come up with a way to decrypt files. 

It started early Friday. Ransomware that was making its mark on 16 healthcare companies in the UK, is not only an issue of data security, but is proving to cause life or death situations for patients that need to be moved to other facilities due to systems being down. But it doesn't end with the UK hospitals and clinics.

 Image: BleepingComputerImage: KrebsOnSecurity

Details are scarce on how the malware is infecting businesses across the globe, but we definitely haven't seen a ransomware attack of this scale and magnitude. What's astonishing is how this ransomware is spreading like wildfire. This isn't a run of the mill DDoS that causes havoc from time to time, this is a mass scale ransomware attack.

The first healthcare facilities to cry for help were part of the UK's National Health Service (NHS), but other hospitals and clinics are affected as well. It's safe to say that this isn't a direct attack on NHS and healthcare anymore. News is trickling out that businesses in Europe, Russia, and Asia are being infected as well.

This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” the NHS said. “At this stage we do not have any evidence that patient data has been accessed.”

Other countries being affected by the malware that comes from the NSA's hacking toolkit called WanaCrypt0r 2.0.

Patch Your Systems Now!

The problem with this type of attack isn't that it was leaked by ShadowBrokers and said to be part of the NSA's arsenal of cyber weapons. It's the fact that this was leaked over 2 months ago and there have been updates available for some time to patch the security holes this malware exploits. 

I spoke with Stephen Rogacki who is an IT Manager at Universal Health Services (UHS) and he wasn't surprised.

"The reality of the world we live in today, Windows Server patching isn't just about keeping your systems up to date, it's about keeping them and the data that lives on them secure," explains Steve. 

"We're good, we patch bi-monthly.  We actually have a patch event coming up next weekend."

As Steve suggests, the issue stems from not patching systems on a regular basis or using old verions of operating systems, like XP. Honestly, there is no reason that any business should be using Windows XP in 2017. If you are then it may be too late. 

It still makes sense that you spend some time patching this vulnerability, called MS17-010, and Microsoft has released emergency updates for XP as well. 

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Greg Mooney

Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.