Ransomware Attack Encrypts Data on All Windows Versions

This morning, a ransomware attack hit several companies in Europe. The systems at Telefónica's headquarters in Madrid appear to have been the initial targets of this attack, and news reports indicate that 85% of the company's computers were infected and had their data encrypted.

According to the newspaper El Mundo, the perpetrators of the attack are demanding a ransom payment by May 19th equivalent to $300 in Bitcoin per machine to unblock access to the devices, under the threat of erasing all data encrypted by the malware.
The origin of the attack has not yet been confirmed, but sources close to Telefónica are tracing it to an effort from China.

This attack is so critical because it has the ability to "worm": it can spread across environments and computers autonomously and with great ease. Today's attack was caused by a version of the WannaCrypt ransomware, which exploits a critical vulnerability in the Windows operating system that allows remote code execution.

The security flaw is in the operating system's malware protection service, which can intercept and inspect all read and write activity on files and system data. By exploiting the flaw, the malware gains access to the machine with administrative privileges.

The flaw was published as CVE-2017-0144 and led Microsoft to publish an emergency patch in Microsoft Security Advisory 4022344. Almost all versions of Windows can be affected, and updates must be applied immediately. The spread of the malware can be monitored in real time through a website published by Intel.

CIPHER recommends immediately applying the update on all Windows operating systems. In addition, apply the update to mission-critical servers and restart them, as the operational impact of the downtime will be less than that caused by the threat.

We also recommend applying patches and updates on your systems as soon as possible and keeping your users aware of the new ransomware campaign so that they do not open suspicious emails and files. Finally, ensure that only the communication ports required on servers and computers are exposed to the internet.
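
One way to check the last recommendation on a single host, as an added example that is not part of the original article: the script parses Windows `netstat -ano` output and lists TCP listeners on non-loopback addresses whose port is not on an allow-list. The sample output, the allow-list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2104
  TCP    10.0.0.5:443           0.0.0.0:0              LISTENING       1500
  TCP    10.0.0.5:49712         93.184.216.34:443      ESTABLISHED     3320
  TCP    [::]:3389              [::]:0                 LISTENING       1012
  TCP    [::1]:8307             [::]:0                 LISTENING       2500
  UDP    0.0.0.0:5353           *:*                                    2104
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:445' or '[::]:445' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def unexpected_listeners(netstat_text, allowed_ports):
    """Return sorted (port, address, pid) for TCP listeners that are
    reachable from other machines and not on the allow-list."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers and UDP rows (no state) do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(fields[1])
        # Drop an IPv6 zone id such as 'fe80::1%12' before parsing.
        address = ipaddress.ip_address(host.split("%")[0])
        if address.is_loopback or port in allowed_ports:
            continue
        findings.add((port, host, int(fields[4])))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed allow-list: this host is only meant to serve HTTPS.
    for port, host, pid in unexpected_listeners(SAMPLE_NETSTAT, {443}):
        print(f"unexpected listener: {host}:{port} (PID {pid})")
```

A listening port is only a candidate: whether it is actually reachable from the internet depends on the host and perimeter firewall rules, so each finding should be checked against them.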


Founded in 2000, CIPHER is a global cybersecurity company that delivers a wide range of Managed Security Services and Security Consulting Services. These offers are supported by the best in class security intelligence lab: CIPHER Intelligence. With offices located in North America, Europe, and Latin America, 24×7×365 Security Operations Centers and R&D laboratories, the services are complemented by strategic partners around the globe. CIPHER is a highly accredited company holding ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past six years.

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions.
