Best Blackhat Forum

There's a Massive Ransomware Attack Spreading Globally Right Now (Biggest ransomware attack in history, Using NSA-Leaked Tools)

A ransomware attack is quickly spreading across the globe rendering vital systems inaccessible.




Friday morning, the Twitter account MalwareHunterTeam reported ransomware known as WanaCrypt0r (a WannaCry variant) spreading at an alarming rate. “In less than 3 hours (even can say less than 2 hours if we count it from the explosion), they got victims already from 11 countries.”

Approximately 6 hours later, at 1pm ET, Kaspersky Lab reported more than 45,000 attacks in 74 countries. “Number still growing fast,” tweeted Costin Raiu, director of global research for the Moscow-based security firm.


Update: There is a patch for this exploit—see the bottom of the post for instructions.

Russia, Taiwan and Spain appear to be those initially hit the hardest, but a map of the infections generated by MalwareTech show the ransomware spreading to all populated continents, and numerous reports from security researchers indicate that WanaCrypt0r has also found its way into the US.

An initial report from UK-based MalwareTech researcher indicate that the ransomware was spreading peer-to-peer and may have been weaponized using a leaked Microsoft Windows exploit (EternalBlue) stolen from the U.S. National Security Agency.

Among those to first report infections publicly are 16 hospitals in England and the Spanish telecom Telefonica. The infected systems rendered files encrypted and inaccessible and a warning flashed across the screens. “You only have 3 days to submit the payment. After that the price will be doubled,” it reads. “Also if you don’t pay in 7 days, you won’t be able to recover your files forever.”








What is ransomware? Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it
Where did ransomware originate? The first documented case appeared in 2005 in the United States, but quickly spread around the world
How does it affect a computer? The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music
How can you protect yourself? Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection
How much are victims expected to pay? The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back

Is amazing and funny how this happens when net neutrality is a thing in the US!

Update 2:

Microsoft has taken the “highly unusual” step of securing early operating systems in the wake of a massive ransomware attack that wreaked havoc on global computer networks, including the UK’s National Health Service.

Microsoft XP received the new security patch three years after the computer giant discontinued support for the OS.

Don’t WannaCry? 5 easy tips to protect yourself from ransomware

#0 Patch!
Security experts advise to install the Microsoft fix—MS17-010—right away. Following the installation, make sure to reboot the system.

The patch that closes the backdoor used by WannaCry to penetrate the system was released by Microsoft on March 14 – apparently shortly after the NSA became aware that its exploit has been stolen, and roughly a month before the Shadow Brokers hacking group exposed it to the world.

In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

#1 Beware!
Just as with many other ransomware, the virus can penetrate the system not only through a Windows vulnerability, but also through the “spray-‘n’-pray” phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim to click on a URL where malware will be ready to crawl into your machine.

Because ransomware targets everyday Internet users, businesses and public service providers, any individuals or organizations that needs continuous access to its systems should be especially careful what sites they visit and which attachments they open up.

#2 Backup!
It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.

#3 Don’t pay ransom!
This one is quite simple – there’s no guarantee that victims will get their data back even if they caught up cash cyber crooks demand from them. Plus there is no guarantee that the attackers won’t strike you again or demand more.

#4 Install antivirus (at least a trial version)!
Make use of your antivirus software’s ransomware removal tool, which should scan for and wipe out any ransomware attempts found on your computer.

Update 1:
How to Protect Yourself From the Vulnerability

According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows. If you are running Windows and have automatic updates enabled you should be okay. If you don’t and haven’t updated recently you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP, did not receive this security update. Those systems should either be isolated or shut down.

Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.

Thanks for the heads-up kafirbaz12. I saw this mentioned on the news last night here in the UK but I didn't know it was Ransomware. Many hospitals attacked. Thanks again NSA! Great security. :/

We have to spread this news to newbies

Actually Microsoft made many proactive actions after this.
they made me to update the windows security update.its an much appreciated action from there side.

Thanks for the heads up.

Thanks for the details, couldn't realize how "hardcore" it was before I had read this.

Just a quick note...the tec guys think this is not over and another will be released within days.

Be carefull not to visit sites offering a patch unless it is microsoft or a site that is very very reputable.

It is easy to open a mail, visit a site that promises a patch and infects you with the same malaware.

Usually when these situations come about, other hackers etc jump on the band wagon and offer a solution. There is no solution to patch microsoft products unless they are from microsoft.

Be safe
systom