Ransomware Attack Encrypts Data on All Windows Versions

This morning, a ransomware attack hit several companies in Europe. The systems at Telefónica's headquarters in Madrid appear to have been the initial targets of this attack, and news reports indicate that 85% of the company's computers were infected and had their data encrypted.

According to the newspaper El Mundo, the perpetrators of the attack are demanding a ransom payment equivalent to $300 in Bitcoin per machine by May 19th to unblock access to the devices, under the threat of erasing all data encrypted by the malware.
The origin of the attack has not yet been confirmed, but sources close to Telefónica are tracing it to an effort from China.

This attack is so critical because the malware has the ability to "worm": it can spread across environments and computers autonomously and with great ease. Today's attack was caused by a version of the WannaCrypt ransomware, which exploits a critical vulnerability in the Windows operating system that allows remote code execution.

The security flaw is in the malware protection service of the operating system, which intercepts and inspects all read and write activity on files and system data. By exploiting the flaw, malware gains access to the machine with administrative privileges.

The flaw was published as CVE-2017-0144 and led Microsoft to publish an emergency patch in Microsoft Security Advisory 4022344. Almost all versions of Windows can be affected, and updates must be applied immediately. It is possible to monitor the spread of the malware in real time through a website published by Intel.

CIPHER recommends immediately applying the update on all Windows operating systems. In addition, apply the update to mission-critical servers and restart them, as the operational impact of the downtime will be less than that caused by the threat.

We also recommend applying patches and updates to your systems as soon as possible and keeping your users aware of the new ransomware campaign to prevent them from opening suspicious emails and files. Finally, ensure that only the communication ports required on servers and computers are exposed to the internet.


About CIPHER

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of services: Managed Security Services (MSS), Managed Detection and Response (MDR), Cyber Intelligence Services (CIS), Red Team Services (RTS), Governance, Risk and Compliance (GRC) and Cybersecurity Technology Integration (CTI). These services are supported by the Cipher Lab, an elite threat and cyber intelligence research and development lab, and also by five 24x7 Security Operations Centers (SOC).

Cipher is a highly accredited company holding ISO 27001, ISO 22301, ISO 20000, ISO 9001, SOC I, SOC II, PCI QSA, PCI ASV and CREST certifications. The quality of service has led Cipher to win many awards from world-renowned research companies such as Gartner, Frost & Sullivan and Forrester. Clients consist of companies from mid-size enterprises to world-renowned corporations and government agencies, with countless success stories.
