It probably hasn’t escaped your notice that there is a huge outbreak of ransomware affecting organizations pretty much worldwide. The main cause of upset is the malware ESET calls Win32/Filecoder.WannaCryptor.D (other security software is available…)
At the moment it’s unclear how much actual data has been affected, and how many systems have been shut down as a proactive measure. One thing that does seem clear is that systems that haven’t been patched against MS17-010 are vulnerable to the ‘EternalBlue’ exploit from the Shadow Brokers NSA leak unless they have security software that blocks that exploit.
Being in the UK, I’m especially interested in the effect on the NHS, though I’m not in a position to tell you much about it. Here are a couple of links:
- Announcement by Digital Health
- The Register: NHS hit by ransomware attack, hospitals across country shutting down – GP told of ‘National hack of the computer health care system’
- Ars Technica
- This Bleeping Computer article is focused on the similar attack on Telefonica, but includes some useful links.
- And a Reuters article.
- Krebs on Security: U.K. Hospitals Hit in Widespread Ransomware Attack
- Kaspersky: Leaked NSA Exploit Spreading Ransomware Worldwide
Some sources link this with Jaff, but the information I have doesn’t suggest a resemblance. ESET detects it as PDF/TrojanDropper.Agent.Q trojan – the sample I received came as an attachment called nm.pdf. Commentary by EMSISOFT. Commentary by The Register.