Ransomware WannaCry infects multitude of computers

Posted date 15/05/2017

Since last Friday, it has been published the infection of tens of thousands of computers in almost one hundred of countries by a ransomware identified as one of the WannaCry variants. The affected organizations would include government agencies, telecommunication and energy supply companies, financial institutions or healthcare systems in countries such as China, Russia, Spain, the United Kingdom or India. The affected computers were attacked due to the existence of a vulnerability in several versions of the Windows operating system, for which Microsoft already provided the corresponding patch in March.

Update 13/05/2017: A young British researcher, who initially intended to remain anonymous, but whose data have finally been made public, with the help of researcher Darien Huss, from the cyber security company Proofpoint, managed to hold the explosive diffusion of the ransomware WannaCry through the registration of a domain to which the malware was attempting to connect when running, and in case the connection was not successful, malware continued to replicate. Several researches indicated that the intention of the WannaCry creators was to have a mechanism to paralyze the attack by registering this domain.

Update 15/05/2017: Rob Wainwright, director of Europol, has said that more than 200,000 cases have been reported in at least 150 countries. Wainwright fears that the number of people affected will not stop growing over the next days.

Update 16/05/2017: Several cybersecurity companies have published some conclusions about the authorship and the initial mechanism infection of the attack. Experts by Google, Symantec and Kaspersky among others, as well as US government have found similarities with other attacks attributed to the group of hackers Lazarus, related to the North Korean government, as possible author of the cyber attack. Furthermore, most analysts seem to agree that the techniques used to trigger the infections were the same as they stole from the NSA and were then spread via internet by the Shadow Brokers hackers group.

According to various media, losses in the 150 countries affected by cyberattack would be of billions of dollars.

Update 16/06/2017: Some information indicates that the National Center for Cybersecurity (NCSC) of the United Kingdom has also a computer attack on the Lazarus group, linked to North Korea.

Update 08/06/2018: The North Korean spy Park Jin Hyok, who belongs to a group of computer criminals known as Lazarus, has been accused by the USA of being behind the WannaCry 2.0 worm and the attack to Sony Pictures. The latest information about the accused is that he returned to North Korea, after working in China for a company linked to the North Korean government.

References