Over 114,000 WannaCry (also known as ‘Wana Decrypt0r’, ‘WannaCryptor’ or ‘WCRY’) infections detected
CERT Spain and security researchers at MalwareTech have confirmed Kafeine’s original finding. The latter even created a live map showing new Wana Decrypt0r ransomware’s victims infected in real time.
Whoever is behind this ransomware has invested heavy resource into Wana Decrypt0r’s operations. In the few hours this ransomwares has been active, it has made many high-profile victims all over the world. According to Avast security researcher Jakub Kroustek, Wana Decrypt0rs made over 57,000 victims in just a few hour.
Some of the first victims were Spanish company, such as Telefonica — a telco provider, Gas Naturals — a natural gas provider, and Iberdrola — an electric utility providers.
Later in the day, the wave of Wana Decrypt0r infection spread to the UK, where it hit a large number of hospitals and clinics. UK’s the National Health Services issued an alert on the attacks earlier today.
Details of patient record data and appointment schedules, as well as internal phone lines and email, have all been rendered inaccessible.
NHS England declares major incident after malware blocks access to patient record, appointment schedules, internal phone lines and emails
NHS Digital said: “A number of NHS organization have reported to NHS Digital that they have been affected by a ransomware attacks which is affecting a number of different organizations.
“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage, we do not have any evidences that patient data has been accessed. We will continue to work with affected organizations to confirm this in some time.
“NHS Digital is working closely with the National Cyber Security Centres, the Department of Health and NHS England to support affected organizations and to recommend appropriate mitigation.
“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sector.
“Our focus is on supporting organizations to manage the big incident swiftly and decisively, but we will continue to communications with NHS colleagues and will share more information as it becomes available.”
7 Easy Steps to Protect Yourself:
Currently, there is no WannaCry decryption tool or any other solution available, so users are strongly advised to follow prevention measures in order to protect themselves.
Keep your system Up-to-date: First of all, if you are using supported, but older versions of Windows operating system, keep your system up to date, or simply upgrade your system to Windows 10.
Using Unsupported Windows OS? If you are using unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft today.
Enable Firewall: Enable firewall, and if it is already there, modify your firewall configurations to block access to SMB ports over the network or the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
Disable SMB: Follow steps described by Microsoft to disable Server Message Block (SMB).
Keep your Antivirus software up-to-date: Virus definitions have already been updated to protect against this latest threat.
Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
Beware of Phishing: Always be suspicious of uninvited documents sent an email and never click on links inside those documents unless verifying the source.