The large scale ‘WannaCry’ ransomware attack started last Friday and caused widespread damage globally; encrypting 200,000 computers across 150 countries to date, with expectations of possible further infections as people return to work today.
The malicious software, believed to have been stolen from the US National Security Agency (NSA), notably attacked the National Health Service in the UK and Telefónica in Spain, although – as is characteristic of malware – it did not discriminate and therefore impacted all sizes and types of organizations.
Ransomware is a nasty type of malware that blocks access to a computer or its data by encryption, and then demands money to release the data. This ransomware, alternately referred to as WannaCry, Wcry, WannaCrypt or WanaCrypt0r 2.0, demands a ransom of USD $300, and doubles to $600 if not paid within three days. Further urgency is introduced by the threat to delete the files all together if the ransom isn’t paid within a week.
The WannaCry ransomware’s major vector of infection is via email. Once a user has unintentionally become infected and the ransomware is installed on their own PC, it tries to spread to other computers on the same network, using a known vulnerability in the Windows operating system that allows it to jump from PC to PC. This weakness was first uncovered as part of a huge leak of NSA hacking tools last month.
These screenshots illustrate how CYBONET’s PineApp Mail Secure’s zero-hour virus protection helps our customers by automatically blocking the ransomware, preventing it from infecting the organization’s network.